Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

Apple Suddenly Drops NSO Group Spyware Lawsuit

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

iPhone security

Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor.

In a court filing Friday, Apple said continuing the lawsuit now poses “too significant a risk” of exposing the anti-exploitation and threat intelligence efforts needed to fend off the very adversaries involved in the legal dispute.

“When it filed this lawsuit nearly three years ago, Apple recognized that it would involve sharing information with third parties. However, developments since then have reshaped the risk landscape associated with sharing such information,” the Cupertino device maker said.

“Apple knows and appreciates that this Court would take the utmost care with the sensitive information relevant to this case. But it is also aware that — now more than ever — predatory spyware companies, including those not before this Court, will use any means to obtain this information,” the company added.

“Any disclosure, even under the most stringent controls, puts this information at risk. Due to the developments since this suit was filed, proceeding forward at this time would now present too significant a risk to Apple’s threat-intelligence program.”

The case, originally filed in 2021 in the U.S. District Court for the Northern District of California, sought to to hold NSO Group accountable for hacking into Apple’s iOS platforms with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials.

Apple and WhatApp maker Meta have accused NSO Group of creating “sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims” and moved to the US courts to ban the company from using its software, services or devices.

On Friday, Apple also cited concerns that NSO Group and unidentified officials in Israel may have taken actions to avoid producing information during discovery.  “This means that going forward with this case will potentially involve disclosure to third parties of the information Apple uses to defeat spyware while Defendants and others create significant obstacles to obtaining an effective remedy,” the company said.

Advertisement. Scroll to continue reading.

Apple also pointed to shifting dynamics in the commercial spyware industry and cautioned that  even a legal victory might have limited impact on the broader surveillance software landscape.

“Defendants have been partly supplanted by numerous other spyware companies, dispersing threats that were once concentrated in a single powerful actor; consequently, even a complete victory in this suit would not have the same impact as in 2021, as other unaffiliated spyware companies would remain unaffected and could continue their destructive tactics,” the company added.

Meta-owned WhatsApp has also sued NSO Group, accusing the controversial company of using its messaging service to conduct cyberespionage on journalists, human rights activists and others.

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox

Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.