Apple has dealt a blow against spyware maker NSO Group and the Israeli firm's efforts to move Apple's lawsuit against it to its home country. Apple in November 2021 sued the group and its parent company with the aim of holding it accountable for targeting Apple users with spyware used for surveillance purposes.
Judge Donato denied NSO's motion to dismiss Apple's case "in all respects," and rejected the group's arguments that Apple should be required to bring its lawsuit to Israel, deciding instead that the case will proceed in the United States.
The court also ruled that Apple had adequately alleged that NSO violated the Computer Fraud and Abuse Act (CFAA) and California’s Unfair Competition Law, breached its contract with Apple, and that NSO unjustly enriched itself at the expense of Apple and its users.
In the lawsuit, Apple offers up information on how NSO Group infiltrated the devices of iPhone owners and how it utilized the Pegasus spyware to do so. Apple is asking for a permanent injunction that would ban NSO Group from using Apple software, services, or devices.
An Apple spokesperson said the victory meant that Apple could proceed in U.S. court to hold NSO accountable and continue to protect Apple's users, products, and infrastructure from hacker groups like NSO.
NSO Group created invasive spyware known as "Pegasus" that was sold to various world governments and was used to access the devices of journalists, lawyers, and human rights activists.
Apple has been working on fixing exploits and has addressed major Pegasus-related hacks in updates to its software since iOS 14.6. In addition to filing a lawsuit against NSO Group, Apple plans to contribute $10 million to organizations pursuing cybersurveillance research and advocacy.
"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," said Apple's software engineering chief Craig Federighi in 2021. "That needs to change."
NSO will have to answer Apple's complaint in a U.S. court by February 14, 2024.
Top Rated Comments
For example, for a "Zero-click kernel code execution with persistence and kernel PAC bypass" Apple pays $100K to $1M. If you bring something like that to NSO group (or other even shadier operators) you can easily get ten times that amount.
Sure, $100K to $1M isn't peanuts by any means, but only so many of those chains exist and finding them is hard work and is often based on months of work from several talented researchers.
One of said countries is descending into a dictatorship, Pegasus has been used and abused for the most perverse means against civil society and democracy. I really hope Apple wins this lawsuit.