Apple is suing Israeli spyware firm NSO Group and its parent company for allegedly targeting iPhone users with a hacking tool. NSO's Pegasus software can infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group said its tools were made to target terrorists and criminals.
But it has allegedly also been used on activists, politicians and journalists.
NSO Group says it only supplies Pegasus to military, law enforcement and intelligence agencies from countries with good human-rights records.
However earlier this month, US officials placed the company on a trade blacklist, saying the software had "enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists".
Apple's move follows a lawsuit launched in 2019 by WhatsApp which is still working its way through the US court system.
In its initial court filing, WhatsApp said NSO Group "developed their malware in order to access messages and other communications after they were decrypted on target devices".
Other tech firms, including Microsoft, Meta Platforms (formerly Facebook), Google-owner Alphabet and Cisco Systems have all previously criticized NSO.
In a blog post announcing the California lawsuit, Apple said it wanted to hold NSO Group and its parent company OSY Technologies "accountable for the surveillance and targeting of Apple users".
"To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices," it said.
In its complaint, filed in the US District Court for the Northern District of California, Apple said NSO's tools were used in "concerted efforts in 2021 to target and attack Apple customers" and that "US citizens have been surveilled by NSO's spyware on mobile devices that can and do cross international borders."
Apple alleged that NSO group created more than 100 fake Apple ID user credentials to carry out its attacks.
The tech giant said that its servers were not hacked, but that NSO misused and manipulated the servers to deliver the attacks on Apple users.
Apple also alleged that NSO Group was directly involved in providing consulting services for the spyware, but NSO maintains that it only sells its tools to clients.
Apple said it was forced to engage in a continual arms race with NSO, saying the Israeli firm was "constantly updating their malware and exploits to overcome Apple's own security upgrades".
The iPhone maker said that it will donate $10m, as well as any damages recovered in the lawsuit, to cybersurveillance research groups including Citizen Lab, the University of Toronto group that first discovered NSO's attacks.
NSO Group said in response: "Thousands of lives were saved around the world thanks to NSO Group's technologies used by its customers".
"Paedophiles and terrorists can freely operate in technological safe-havens, and we provide governments with the lawful tools to fight [them].
"NSO group will continue to advocate for the truth."