“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering.
Apple said NSO Group’s spyware, called Pegasus, had been used to attack a small number of Apple customers worldwide.
NSO Group has broadly denied wrongdoing and said its products have been used by governments to save lives.
It’s the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.
“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” the company said in a statement.
Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.
Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.
The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports.
Also this month, security researchers disclosed that Pegasus spyware was detected on the cellphones of six Palestinian human rights activists. And Mexican prosecutors recently announced they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist. Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app. A U.S. federal appeals court issued a ruling this month rejecting an effort by NSO Group to have the lawsuit thrown out.
Apple also announced Tuesday that it was donating $10 million, as well as any damages won in the NSO Group lawsuit, to cyber-surveillance researchers and advocates.