Apple announced this Tuesday (23) the opening of a lawsuit against the Israeli company NSO Group, which created the Pegasus spy program. The software is capable of hacking into iPhones and Android phones to activate their camera, microphone and access device data.

The tool was reportedly used to spy on journalists, activist groups and opposition politicians from 50 countries, according to a series of newspaper reports in the United Kingdom and the United States.

In the lawsuit, Apple seeks to hold the NSO Group accountable and prevent the company from using any of its software, services or devices – a way to derail the discovery of new breaches and attacks.

Understand what Pegasus is

The iPhone maker also claimed compensation for the time and cost of dealing with what the company argues is the Israeli company’s abuse of its products.

According to Apple, the amount will be donated to organizations and cybersecurity research communities working to uncover the use of this type of spying tool – the company also allocated $10 million to these groups.

This is not the first process the NSO Group has faced. In October 2019, Facebook went to court alleging that the company violated WhatsApp’s terms of use by sending malicious code to 1,400 users between April and May 2019 using an application’s call-taking vulnerability.

The Pegasus spy program is considered one of the most complete and advanced spy programs available for mobile phones and can attack devices running the Android, Google, and iOS operating system used in iPhones.

Its creator, the NSO Group, claims that it is only sold to government agencies that are approved by Israel and that it is only used to pursue terrorists and major criminals. In addition, the company says it does not have access to its customers’ data.

The use of this type of software by governments is done in secret and human rights organizations point out possible abuses in reports. Companies that develop solutions like this operate in an unregulated space.

Use of security holes

Pegasus is designed to bypass the iPhone and Android cell protections and leave little trace of its attack.

In general, loopholes used by Pegasus or other such programs are not known until they have been exploited, and the companies that are targeted provide solutions.

The lawsuit filed by Apple seeks to hold the NSO Group responsible for using these breaches and prevent it from having access to the company’s equipment to find new vulnerabilities.

“State-sponsored organizations like the NSO Group spend millions of dollars on sophisticated spying technologies without effective accountability. That needs to change,” Craig Federighi, Apple’s vice president of software engineering, said in a statement.

“Although cyber threats impact a very small number of our consumers, we take any attacks on our users seriously and we are constantly working to strengthen security and privacy protections,” he added.

In the lawsuit, Apple gave more details of one of the vulnerabilities that were reportedly used by the NSO Group and that were discovered by researchers at Citizen Lab, a digital security research group at the University of Toronto in Canada.

“Spyware (spyware) was used to attack a small number of Apple users around the world. The lawsuit seeks to prohibit the NSO Group from further harming people. The lawsuit also seeks redress for flagrant violations of federal and state law. US by the NSO Group,” the company said in a statement.

Apple said updated versions of the iPhone system fix the vulnerabilities.

When the attack on journalists, activists and politicians was revealed, the NSO Group said the Forbidden Stories report, which brought the story to light, elaborates unproven theories and is fraught with wrong assumptions.

The company claims that Pegasus is only sold to government agencies that are approved and that it is only used to pursue terrorists and major criminals. In addition, the NSO Group says it does not have access to its customer data.

