NSO Group Faces Apple in Court Over Privacy-Invasive Pegasus Spyware

A U.S. court has dismissed a petition by the Israeli firm NSO Group, creators of the spyware Pegasus, to throw out a lawsuit filed by Apple. The tech giant accuses NSO of violating computer fraud laws and other infringements related to infecting Apple clients’ devices with its spyware.

In November 2021, Apple launched legal action against NSO Group, seeking a permanent injunction to prevent NSO from using any Apple software, services, or devices. The lawsuit claims that the company breached the American Computer Fraud and Abuse Act (CFAA), California’s Unfair Competition Law, and the terms of use of the iCloud service by installing NSO Group’s spyware on victims’ devices without their knowledge or consent. NSO is required to respond to Apple’s complaint by February 14th.

Tang Tan LoveFrom

According to Apple, Pegasus infiltrated Apple client devices using a Zero-Click exploit named FORCEDENTRY, linked to a vulnerability in processing GIF images in iMessage. This exploit allowed the downloading and opening of a malicious PDF file without the target’s awareness, granting the attacker access to data across different areas of the device. Once on the smartphone, the spyware enables the operator to eavesdrop on phone calls, view messages, and access the camera and microphone without user permission.

Despite NSO Group’s assertions that it sells its spyware solely to governments, and only for investigating terrorism or other serious crimes, Pegasus has been repeatedly used to spy on journalists, activists, political dissidents, diplomats, and politicians. This led to U.S. sanctions against the company and multiple lawsuits.

In March 2023, NSO Group requested the court to dismiss Apple’s lawsuit, arguing that Apple should file the lawsuit in Israel, NSO Group’s home jurisdiction. The company also stated that Apple could not sue for CFAA violations because Apple itself had not suffered any damage or loss.

The court rejected NSO Group’s arguments, stating that “CFAA’s goal to combat hacking aligns with Apple’s charges, and NSO has not proven otherwise.”

“Loss” is understood as any reasonable expenses incurred by the victim, including costs related to responding to the offense, assessing the damage, and restoring data, programs, systems, or information to their state before the violation, as well as any lost revenue, incurred expenses, or other indirect losses due to service interruption. According to the court, this precisely describes the loss Apple claimed in its lawsuit.

Responding to the judge’s decision, an NSO Group representative said the company would continue to fight. The spokesperson stated that the motion to dismiss is part of the legal process in this case. The technology in question is crucial for law enforcement and intelligence agencies in their efforts to ensure public safety. The company is confident that once arguments are presented, the court will rule in favor of NSO Group.