IPhones have been one of the main targets of spyware Pegasus, marketed by the company NSO, at the heart of the turmoil since the revelations of global cyber espionage that occurred last July.
The noose is tightening in the United States around NSO Group, the Israeli maker of ultra-controversial spy software, with the lawsuits filed Tuesday, November 23 by Apple, exasperated that its iPhones have been hacked.
The company NSO is made up of “notorious pirates”, assert the lawyers of the Californian group in the complaint, which holds the firm responsible for the “malicious activities” of some of its clients, including governments.
“They are amoral mercenaries of the 21st century who have created ultra sophisticated cyber-surveillance machines, inciting flagrant and routine abuses,” they continue.
The company, which had to repair a flaw exploited by the Pegasus software, is asking the court to permanently ban NSO programs on its devices and services.
An international media collective revealed this summer that Pegasus had made it possible to spy on the numbers of journalists, politicians, activists or business leaders from different countries, including French President Emmanuel Macron.
“Thousands of lives have been saved around the world thanks to NSO Group technologies,” reacted a spokesperson for the firm, contacted by AFP.
“Pedophiles and terrorists can flourish freely within the confines of the technological equipment at their disposal, and we provide legal tools to governments to combat them. NSO Group will continue to fight for the truth,” he said. he adds.
In September, Apple urgently fixed a computer vulnerability that Pegasus was able to exploit to infect iPhones, without users even having to click on trapped links or buttons, in a process known as “zero-click”.
However, the Californian group has notably built its success on its excellent reputation in terms of security and respect for privacy.
“In the consumer electronics market, Apple devices are the most secure, but companies that develop spyware on behalf of states have become even more dangerous,” said Craig Federighi, vice-president. Apple’s president in charge of software, quoted in a press release.
“Even though these cybersecurity threats affect only a small number of our customers, we take all attacks against our users seriously,” he continued.
The complaint comes as other US companies and authorities have taken action against the Israeli publisher.
In early November, Washington added NSO Group to its list of banned companies.
“The United States is determined to use export controls in an incisive manner to hold accountable companies that develop, commercialize or use technologies for malicious purposes, which threaten the cybersecurity of members of civil society or government, dissidents, and organizations based here and abroad, ”said US Secretary of Commerce Gina Raimondo.
The Israeli group said it was “appalled” by this decision, assuring that NSO has a “rigorous ethical charter, based on American values”.
“This must change”
In 2019, Whatsapp admitted to being infected with Pegasus, and its parent company Facebook sued NSO Group, accusing it of using its messaging system to spy on journalists and human rights defenders. About 1,400 smartphones had been compromised, according to the complaint.
In early November, a US appeals court dismissed NSO’s immunity request.
“It is likely that Apple has been preparing this file for some time, but was waiting for the matter with WhatsApp to progress,” said Jake Williams, chief technology officer at cybersecurity firm BreachQuest.
“This is not good news for NSO, which would be in danger of going bankrupt with more than $ 500 million in debt, governance problems and France which is retracting its orders because of US sanctions,” he said. he added.
According to researchers at Citizen Lab, the University of Toronto’s cybersecurity organization, Pegasus had been exploiting a loophole in iMessage, Apple’s messaging system, since at least February 2021. They had discovered that a Saudi activist’s iPhone had been infected.
“State-funded groups like the NSO Group are spending millions of dollars designing sophisticated surveillance technologies, without having to answer for the consequences. That needs to change,” said Craig Federighi.
In early November, a new investigation revealed that Pegasus had been used to hack the phones of members of Palestinian NGOs recently placed on the list of Israel’s “terrorist groups”. The investigation carried out by the European group Frontline Defenders concluded, after cross-checking with the Citizen Lab and Amnesty International, that six laptops had been infected with the software.