Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
September 16, 2024
Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure.
Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure.
Apple wants to dismiss its lawsuit against NSO Group due to three key developments. First, continuing the lawsuit could compromise advanced threat intelligence gathered by Apple by exposing sensitive information to third parties. Second, the spyware industry has diversified, making a lawsuit against NSO less impactful, as other spyware companies continue their operations. Third, obstacles in obtaining critical information from NSO undermine the effectiveness of the legal action. Apple pointed out that it prefers to focus its efforts on developing technical measures to protect users from spyware like Pegasus.
The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms.
“Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. Because of these efforts, along with the efforts of others in the industry and national governments to combat the rise of commercial spyware, Defendants have been substantially weakened.” reads the court filing. “At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry. It is because of this combination of factors that Apple now seeks voluntary dismissal of this case.” reads
The court filing referenced an article published by The Guardian article reporting that Israeli officials seized files from NSO Group’s headquarters.
“The Israeli government took extraordinary measures to frustrate a high-stakes US lawsuit that threatened to reveal closely guarded secrets about one of the world’s most notorious hacking tools, leaked files suggest.” reads the article published by the Guardian mentioned in the court filing. “Israeli officials seized documents about Pegasus spyware from its manufacturer, NSO Group, in an effort to prevent the company from being able to comply with demands made by WhatsApp in a US court to hand over information about the invasive technology.”
The officials requested an Israeli court to keep this action secret, even from parties involved in Meta’s ongoing WhatsApp hacking lawsuit against NSO.
The hacked Israeli ministry of justice communications revealed concerns that sensitive information could be accessed by Americans.
“while Apple takes no position on the truth or falsity of the Guardian Story described above, its existence presents cause for concern about the potential for Apple to obtain the discovery it needs.” continues the court filing.
In November 2021, Apple sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus.
According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials.
Apple also announced it would support with a contribution of $10 million to the academic research in unmasking the illegal surveillance activities
“Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” reads the announcement published by Apple.
The legal action aims at permanently preventing the infamous company from breaking into any Apple software, services, or devices.
The complaint included details about the NSO Group’s FORCEDENTRY exploit that was used to target multiple users and drop the latest version of NSO Group’s Pegasus.
Threat actors leveraged two zero-click iMessage exploits to infect the iPhones with spyware, respectively known as 2020 KISMET exploit and FORCEDENTRY.
The latter exploit was discovered by Citizen Lab researchers, it is able to bypass the “BlastDoor” sandbox introduced early this year in iOS to block iMessage zero-click exp
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Apple)