back to article Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware

Apple today sued NSO Group, which sells spyware to governments and other organizations, for infecting and snooping on people's iPhones. In a strongly worded filing [PDF] Apple described NSO as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant …

  1. PhilipN

    "amoral 21st century mercenaries ..." etc.

    Referring to ...... [insert any one of a number of major IT companies here]

    1. Anonymous Coward
      Anonymous Coward

      Re: "amoral 21st century mercenaries ..." etc.

      I wonder how Apple might manage interacting or interfering with all the other state sponsored use of Apple services and products out there? Could be scope for a mildly thrilling technopolitic series on Netflix.

  2. MrDamage Silver badge

    Seriously?

    > "Apple argued that though NSO sells Pegasus to foreign governments and others, the developer is heavily involved in each deployment of the tracking software, and thus needs to be held responsible for the ultimate use of the code."

    Just hope Apple remembers this when their compromises to the Chinese govt ends up with people suffering human rights abuses.

    https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html

    https://www.nytimes.com/2021/05/17/technology/apple-china-privacy-censorship.html

    But, ultimately, if a malformed text message can prompt the installation of malware, then Apple are the ones who bear responsibility for this glaring security oversight.

    1. Stork Silver badge

      Re: Seriously?

      In Apple’s defence, they patched it according to the article

      1. JassMan Silver badge
        Trollface

        Re: Seriously?

        In Apple's defence, they repeatedly patched it their poorly secured code according to the article

        FTFY

        1. Lord Elpuss Silver badge

          Re: Seriously?

          "In Apple's defence, they repeatedly patched it their poorly secured code according to the article"

          The fact that a dedicated, highly focused and extremely well funded operation was able to find and use an exploit which was promptly patched, does not make it 'poorly secured code'. That's like saying Fort Knox is 'poorly secured' because you could drop a nuke on it and it would blow the door off.

          1. Pascal Monett Silver badge

            I doubt that there is any nuke that can be so finely-tuned as to blow only the door off.

            If we do have that, then Area 51 is holding more than just alien tech.

            1. Lord Elpuss Silver badge

              "I doubt that there is any nuke that can be so finely-tuned as to blow only the door off."

              Special Atomic Demolition Munitions (SADM) are tuneable from 10 to 10kt. Anywhere from 'put a damn big dent in the blast door' right up to 'remove the whole site from the planet'.

              https://en.wikipedia.org/wiki/W54

          2. TheFifth

            Re: Seriously?

            https://www.youtube.com/watch?v=7_PX1cVuaVA

    2. SW10

      Re: Seriously?

      Apple are the ones who bear responsibility

      Seriously?

      I understand you just want a pop at Apple, and I really hope that you don’t use the “if you got attacked it’s your fault” argument in other areas of life.

      1. Anonymous Coward
        Anonymous Coward

        Re: Seriously?

        This isn't victim blaming.

        They weren't say "you bought an iThing so you deserved it"

        This pointing out that the attacks were successful because the vendor wasn't producing acceptable quality code.

        Between February & September, NSO used a zero-click technique to infect selected iOS devices

        How come NSO can find these holes when the SW originator can't?

        Is it because NSO are looking for them while the developers are not?

        Or is it because the profit motive, motivates NSO to find these holes while the profit motive for the developer is to saying "Fuck it, that's good enough, can't be arsed to spend any more time/$$$s looking to see whether it's full of holes".

        Unless companies are prepared to spend time, effort and cash looking for problems they won't find them and therefore we shouldn't be too surprised if holes are found.

        1. DS999 Silver badge

          Re: Seriously?

          Please name any mass market consumer software that's free of similar security issues. I'll wait.

          I'd love for Apple to be able to produce code without any 0 days, but if they did they'd be doing something no one else has managed.

          1. Anonymous Coward
            Anonymous Coward

            Re: Seriously?

            The sad thing is I can't.

            See my line on the profit motive.

            My feelings one way or the other for Apple were irrelevant here. I carefully avoided saying Apple precisely because I knew my comment applied equally well to lots of other producers of "mass market consumer software".

            I suspect that many of the individual developers would love to be allowed to spend the time and effort to:

            to be able to produce code without any 0 days, but if they did they'd be doing something no one else has managed.

            But that doesn't stop the organization as a whole having the attitude of

            "Fuck it, that's good enough, can't be arsed to spend any more time/$$$s looking to see whether it's full of holes"

            Because I know that it costs a lot more to make software which isn't so full of holes. I see it much more as a failure of management than a failure of the programmers involved.

            1. trindflo Bronze badge

              Re: Seriously?

              I think that Microsoft issues a constant stream of features in order to play market leader and jerk the rest of the industry around, and these feature are widely complained about being poorly tested in the rush to market.

              Apple doesn't have the same business model; with a walled garden they don't need to play market leader. I think you are conflated two separate problems (not that Apple lacks its own issues).

          2. Binraider Silver badge

            Re: Seriously?

            Writing code with no 0-days is easy. Writing useful code without a zero day is hard!

        2. SW10

          Re: Seriously?

          This isn't victim blaming.

          Hello AC,

          Your writing style and fondness for commas makes me suspect you wrote the post by MrDamage

          Either way, the victim-blaming* point still stands

          * Your words

          1. Tim99 Silver badge

            Re: Seriously?

            Alternatively, there may be two posters who use a similar style? I am old and went to a school that had "illusions" of grandeur - I was taught to use Oxford spelling and commas; longer, adequately punctuated, sentences; and the excessive use of subordinate clauses. I now try to use shorter sentences.

            1. Dave 126 Silver badge

              Re: Seriously?

              Kurt Vonnegut wrote that semi-colons should not be used; they suggested that one had been to college.

              1. jgarbo
                Headmaster

                Re: Seriously?

                Or that one understands the difference in English between a sentence and a relative clause.

            2. Anonymous Coward
              Anonymous Coward

              Re: Seriously?

              Correct, I'm not MrDamage, so there must be two commentards here who's writing style are sufficiently similar to confuse those looking for ...

              If our styles are similar then I pity MrDamage as I know my grammar is appalling. If by collage the poster above meant Uni, then no I never went. As for Oxford commas I had to look those up recently when Word castigated me for not putting a comma in a place my primary school taught me never to put them.

              I'm certainly guilty of the "excessive use of subordinate clauses". It probably means I've not thought out the sentence all the way to the end before I start typing.

          2. Furious Reg reader John

            Re: Seriously?

            Apple are not the actual victim here, so pointing out Apple's own failure's to protect its customers is not victim blaming.

            When Apple put profit before principle when dealing with China, it lost all claims to be a moral company. They are simply using the Human Rights Industry angle to cover up the marketing disaster that is a no interaction pwnage flaw in their system.

            1. sabroni Silver badge

              Re: When Apple put profit before principle when dealing with China.....

              .....it lost all claims to be a moral company.

              You're missing an "in my view" from that statement.

              1. Furious Reg reader John

                Re: When Apple put profit before principle when dealing with China.....

                Er - I think you might have failed to grasp the singular role of the comment facility, but let me help you out with a clue - I'm not posting your views.

              2. Pascal Monett Silver badge

                Not really.

            2. Graham Cobb Silver badge

              Re: Seriously?

              it lost all claims to be a moral company

              Despite being an atheist: "Let him who is without sin cast the first stone".

              I am also deeply disappointed Apple did not decide to walk out of China (and, indeed, even invest in countering the Chinese government). I was also deeply disappointed by the recent moves to scan private files (such as photos).

              These moves mean that I won't invest in them, for example. And, if it wasn't the case that Google is so much, much worse I wouldn't do business with them.

              However, despite that, I can recognise that they don't claim to be a "moral company" and they deserve praise for this action against NSO. Sure, they have bugs, but they do seem to make some more effort than their competitors to fix them (and, of course, charge a lot more money for their products than those competitors do).

        3. Sorry that handle is already taken. Silver badge

          Re: Seriously?

          How come NSO can find these holes when the SW originator can't?

          Is it because NSO are looking for them while the developers are not?

          Yeah, it's a common problem in engineering, both hard and soft: creators that are fixated on what a feature is intended to do, not what it can do.

        4. Anonymous Coward
          Anonymous Coward

          Re: Seriously?

          Unless companies are prepared to spend time, effort and cash looking for problems they won't find them and therefore we shouldn't be too surprised if holes are found.

          In that context I find it interesting that you attempt to appear to single out Apple (or avoid mentioning others), one of the few vendors that actually puts some effort in (and no, the China argument doesn't really work - it appears people seem to forget that companies have to - or ought to - follow local law). Apple puts the effort in as far as I can tell.

          Also, analyse motive: Apple makes most of its money from hardware, followed by services, and has picked up that privacy matters to its users. Google, OTOH, makes most of its money by scraping personal data off everything it touches (which its Terms allow it to retain into perpetuity, although they replaced that word in later versions with more benign looking text). Who would be more inclined to leave "accidental" holes or bother less?

          1. Anonymous Coward
            Anonymous Coward

            Re: Seriously?

            > In that context I find it interesting that you attempt to appear to single out Apple

            Please go and re-read my posting, I quite deliberately did not name Apple even when the text would have read batter if I had. I did not name Apple because they are not the only company guilty of producing code with holes in. I don't even consider them the reason that so much SW appears to have been "rushed". It just so happened this conversation started following a story about Apple. Other vendors have produced code where holes can be exploited with zero user interaction. Perhaps they were in the wrong place at the wrong time.

        5. tiggity Silver badge

          Re: Seriously?

          Finding and exploiting vulnerabilities in a time / cost efficient manner often requires different (and rarer) skills than code development, so no surprise there's code issues even top 10% devs do not spot.

          If a company wants to test the software it produces for vulnerabilities then it needs people with the right skill set, that will not usually be developers.

          Obviously some devs do have the mindset / skills to sniff out exploitable vulnerabilities in (relatively) short timescales, but most do not.

    3. Lord Elpuss Silver badge

      Re: Seriously?

      "But, ultimately, if a malformed text message can prompt the installation of malware, then Apple are the ones who bear responsibility for this glaring security oversight."

      What an epically moronic statement.

  3. LDS Silver badge
    Joke

    The real problem is NSO didn't pay Apple to run on iDevices...

    .... and that's the biggest crime you can commit in Cupertino.

    1. Anonymous Coward
      Anonymous Coward

      Re: The real problem is NSO didn't pay Apple to run on iDevices...

      Upvote for the joke, not so for what you imply but that's part of the joke :)

  4. Anonymous Coward
    Anonymous Coward

    I’m fairly cynical about the entire exercise. Something tells me the lawsuit is a PR exercise so Apple can claim they did something about the issue after outrages like the murder of Khashoggi; whilst behind the scenes it’s business a usual for the spooks.

  5. Unbelievable!

    But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

    Seems like U.S just doesn't want other nations to do as US and the other 7 eyes nations do.

    Once again U.S is the world police. (no i'm not sticking up for NSO, i just see a slightly wider picture.)

    1. David 132 Silver badge
      FAIL

      Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

      No, you're trolling for your masters in Beijing/Moscow/Tehran, and doing a pretty piss-poor job at it. No 50 cent payment for you.

      1. Unbelievable!

        Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

        Trolling? I won't rise to your attempt at insulting me, or the FAIL icon. You're clearly against the idea of acceptance of facts. If you won't listen to my point of view, then look around for yourself.

        As for trolling, Not at all. Nobody's side but my own. You, they and everyone else can LIKE the universal data collection and surveillance by the 7 eyes or whosoever else you choose, but i dont have to and i wont insofar as i can.

        It's Wrong. US, China, Russian, Middle east etc whoever does it. Russia and the other nations probably do similar.

        But here in britain, we're served western news and political policies. Again in britain, it seems U.S interefere with everything around the world. You forget about Snowden leaks. And those agencies are all still doing that stuff. We just know about it now. "do as we say not as we do".

      2. Anonymous Coward
        Anonymous Coward

        @David 132 - Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

        You lost this one, buddy. It was no China/Russia/Iran that was spying on German Chancellor's phone.

    2. Clausewitz 4.0 Bronze badge
      Devil

      Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

      This is WAR.

      USA + folks are doing it and trying to make others not to do.

      And they are still using NSO.

      1. Unbelievable!
        Black Helicopters

        Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

        lol

    3. Tim99 Silver badge
      Big Brother

      Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

      ...US and the other 7 eyes nations? I know who the 5, 9, and 14 eyes countries are, but that I hadn't heard of before.

      1. trindflo Bronze badge
        Trollface

        Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

        I was wondering who the 4 letter agencies were?

        The ACUS? https://www.usa.gov/federal-agencies/administrative-conference-of-the-united-states

        Perhaps these blackhearts? https://www.usa.gov/federal-agencies/advisory-council-on-historic-preservation

    4. Joe W Silver badge

      Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

      The interesting thing is that an American ruling just has no effect in other countries[+]. So dictators (and the three letter agencies) can continue doing this kind of stuff elsewhere.

      The idea that this kind of spyware (or any...) should have no place on people's phones in in principle not too bad, and one has to start in some jurisdiction, and maybe others will follow - and this should also aim[°] at ending Uncle[*] Sam's (and others') actions; this is but a hope, and not a terribly realistic outcome, I fear.

      [+] Except that the US do have delusions of grandeur, thinking their laws apply world-wide (DMCA?)

      [°] aim at != will hit the target (in this case: achieve anything)

      [*] uncle[#]? Yeah, you cannot chose your family, only your friends

      [#] maybe a bit like uncle Ernie, or what his name was, in "Tommy".... :/

      1. Clausewitz 4.0 Bronze badge
        Devil

        Re: But .. Isn't U.S 4 letter agencies and allies doing exactly the same stuff as NSO ?

        Reminds me of a Piratebay legal response pearl:

        We are well aware of the fact that The Pirate Bay falls outside the scope of the DMCA – after all, the DMCA is a US-specific legislation, and TPB is hosted in the land of vikings, reindeers, Aurora Borealis and cute blonde girls.

  6. Anonymous Coward
    Anonymous Coward

    There are other options.....

    .......like the burners in use by me and my pals! Even if the phones got NSO hacks (they haven't), the snoops don't know much about who's talking!

    *

    Disciplined use also helps......I know......very rare!

    *

    Throwing phones away regularly also helps.

    *

    It really is a pity that this is even necessary....but people need to take control of their own privacy and security (as far as they can)......because Apple, Google, the NSA, the GCHQ and who knows who else simply don't care.....too much money......too many folk out there who really want the STASI back.

    1. Lord Elpuss Silver badge

      Re: There are other options.....

      Please don't breed.

    2. Pascal Monett Silver badge
      Thumb Down

      Re: Throwing phones away regularly also helps

      Thank you for helping to increase the amount of toxic waste third-world children have to deal with.

    3. BrownishMonstr
      Joke

      Re: There are other options.....

      Apple and I agree, that's why I get a brand-new spanking iPhone every year.

  7. Norman123

    I hope this becomes a trend against all hacking spyware floating around abusing cyberspace for power and profiteering at any cost. Any company whose software is attacked by known and proven attackers should be sued and their responsible officers be thrown into the slammer in addition to losing their shirts, trousers and being tar/feathered....

    People buy gadgets to enhance the quality of their lives, not be spied upon and abused.

    Another plague is the telemarketers. Now they have a way to call from fake local numbers and no one is there to defend the taxpayers from these wolves of cyberspace.

    1. jgarbo
      Pirate

      Excue me, Karen...

      Does tough guy Cook realize he's dealing with Mossad? They really are tough. Be polite, Timmy, or they'll incinerate you.

      1. Clausewitz 4.0 Bronze badge
        Devil

        Re: Excue me, Karen...

        Mossad guys are a bunch of sissies. Go after them with a knife/stiletto and they freak out.

        Third-world countries police and military are tough.

      2. DS999 Silver badge

        Re: Excue me, Karen...

        What are you implying, that they would assassinate a US citizen and CEO of the world's largest company?

  8. Anonymous Coward
    Anonymous Coward

    What colour?

    Pot, meet kettle

    1. Lord Elpuss Silver badge

      Re: What colour?

      Who's the kettle in your view?

  9. pavel.petrman Silver badge

    Terrorists and paedophiles

    ... seem to work well as an excuse for everything amoral an illegal these days. Not long ago the excuse was called "class enemy" where I live, though it worked to exactly the same effect.

    1. Clausewitz 4.0 Bronze badge
      Devil

      Re: Terrorists and paedophiles

      Point of view

      Israeli government often considers terrorists - Intelligence from Palestine or Pakistan

      Palestine or Pakistani government often considers terrorists - Intelligence from Israel

      Age of consent - It is cultural

      Age of consent in Brazil is 14 years old

      Age of consent in India is 15 years old for a married couple, 18 if dont

      Age of consent globally varies from 11 to 21

      UK folks view guys from Angola marrying 12-year-old girls as paedophiles, people from Angola don't.

      1. pavel.petrman Silver badge

        Re: Terrorists and paedophiles

        I wouldn't be surprised, really, if a (proxy) country somewhere raised the age of consent selectively to the age of 99 for a person of a specific interest to a democratic country expressly founded to foster and defend freedom of its citizens, in order to get the now paedophile arrested and tried for their terrible, abhorrent crime. Or at least getting the contents of their smartphone fought against, because terrorism, paedophiles and pgp keys. These evil paedophile.

  10. Barrie Shepherd

    ""“Thousands of lives were saved around the world thanks to NSO Group's technologies used by its customers,” a spokesperson for the developer told us today."

    That's OK then - 'think of the children', 'the end justifies the means', 'collateral damage along the way is acceptable', and NSO should be elevated to Saviours of the World. /s

    The fact is NSO Group found a business opening - doing for (any) Government that which that government could not, in all conscience, do it's self. I have no doubt that entities within the UK Government will be using NSO technology as will those in the US, Australia, Canada, ........ etc.

    I'm no Apple ambassador, and don't own any iThings, but in this I have sympathy for their plight - not that a US Court determination will stop NSO, Google should join Apple in the action.

    Governments will always resort to illegal means when they can't get their way legally - just occasionally they get caught out but then they say sorry and run the "Thousands of lives were saved", "Children were protected", with Minister "I have no recollection" mantras, wash, eat humble pie, and continue as usual. What's the betting Priti Patel's Home Office is using (obviously without 'her knowledge') NSO products to further her draconian ends?

    I just hope the hacking community target NSO!

    1. iron Silver badge

      If the Home Office hasn't bought Pegasus already then Patel would but it herself. She probably has shares in NSO Group.

  11. You aint sin me, roit
    Paris Hilton

    A bit Streisand...

    "Yes, our phones aren't secure, but it's really, really mean of you to exploit it"

    1. doublelayer Silver badge

      Re: A bit Streisand...

      Ah, yet another call for perfect code. I like this site as a news source because most articles assume a degree of technical knowledge, and most participants on the forum seem to have that. Sadly, not always. If I come to your house and determine that I can break in without you knowing, it's still a crime if I do it. You should know this.

      1. You aint sin me, roit

        Re: A bit Streisand...

        I won't indulge in willy waving technical credentials, in any case you missed the point.

        Apple Marketing: Our phones are secure, we put your privacy first, our walled garden secures your phone, you don't get malware on Apple products.

        Apple Developers: That's the idea but we're not there, people keep finding vulnerabilities. We're playing catch-up.

        Apple Legal: We'll sue anyone exploiting vulnerabilities (that they found in our code).

        The legal team is highlighting the "over exuberant" nature of the marketing claims.

        Also, for the non-technically minded, if I don't lock my door and you steal my stuff, while it's still a crime my insurance won't pay out.

        1. doublelayer Silver badge

          Re: A bit Streisand...

          You don't need a lot of technical knowledge to realize that the marketing on more security doesn't mean perfect security, and that you'll never get perfect security. All Apple's marketing means is that you get the security updates they make faster than their competitors (no waiting for device manufacturer and possibly a carrier reseller to release the patch as some Android devices do). They're also happy to praise their App Store review which keeps out more malware (though not all), but as NSO didn't post theirs to the App Store, it's irrelevant in this case. You are asking Apple to produce effectively bugless code and claiming that, when they don't do so, it invalidates every security claim they've made. It doesn't work that way.

          And whatever your insurance contract may say, if I walk through your unlocked front door and take your stuff, I've still committed a crime and can go to prison for it. NSO didn't attack a device with no protections; they had to break some protections to get what they wanted, but even if they didn't, it would still have been illegal for them to do it.

  12. Potemkine! Silver badge

    It may be hypocrite, but it's a good move anyway.

    Apple argued that though NSO sells Pegasus to foreign governments and others, the developer is heavily involved in each deployment of the tracking software, and thus needs to be held responsible for the ultimate use of the code

    Good luck with that. It won't happen because the same argument could then be used against weapon makers, and those are untouchables.

    Thousands of lives were saved around the world thanks to NSO Group's technologies used by its customers

    Tell that to Khashoggi's children! What a weaselish answer. With that kind of answer they show what kind of people they are.

    1. Furious Reg reader John

      You would be misleading Khashoggi's kids if you tell them it was NSO that kidnapped, tortured, killed and dismembered him and then disposed of the body parts. Or maybe I misunderstood what you meant when you said that is shows what kind of people NSO are.

  13. Geoff Campbell
    Coat

    I sense this is not going to be a popular opinion...

    What business is it of Apple what software runs on their devices after they have been sold?

    I mean, sure, I wish for NSO Group to die in a collective ditch, along with all similar parasites. But I am rather uncomfortable with the concept that a device manufacturer has any sort of legal path to mandate what can or cannot be run on a device that they have sold.

    I think this is one of those cases where I fervently wish that both sides could lose.

    GJC

    1. doublelayer Silver badge

      Re: I sense this is not going to be a popular opinion...

      Please read the article. They didn't say that they're entitled to damages because "You ran code on devices we made and those are ours". They said that NSO used Apple's services, the ones that run on Apple's servers, that you have to agree to a contract to use, and that you can choose not to use, and that NSO broke the contract in their malicious use of those services. Entirely different.

      You have objected to an argument they never used, and your conclusions are entirely built on your failure to follow their claims.

      1. Geoff Campbell

        Re: I sense this is not going to be a popular opinion...

        I confess, I'm not a lawyer, and I took some of the statements in the article at face value without doing a full breakdown of the legal arguments.

        I am still not as comfortable as you appear to be with the situation.

        GJC

        1. doublelayer Silver badge

          Re: I sense this is not going to be a popular opinion...

          If you're still uncomfortable based on your points from the first comment, then your discomfort is based on a misunderstanding. Apple never said what you think they did. Maybe you will also dislike the argument they did make, but you do have to understand the argument they're making so you don't assume they have exerted an ownership or control right that they haven't done. When they have implied that elsewhere, most recently in their App Store monopoly case, I have agreed with you and opposed them. That's not what's happening this time.

  14. jollyboyspecial

    "The steps we’re taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Ivan Krstić, head of Apple Security Engineering and Architecture

    OK mate so what you're saying here is that Apple phones are vulnerable to malware installation? Something that Apple keep on denying.

    You're also effectively admitting that you can't do anything to prevent this without resorting to legal action?

    Your job title is Head of Apple Security Engineering and Architecture?

    Maybe you're not as good at your job as you think you are?

    1. doublelayer Silver badge

      "OK mate so what you're saying here is that Apple phones are vulnerable to malware installation? Something that Apple keep on denying."

      No, they don't. They call out security fixes in literally every IOS update. That indicates that IOS was in need of security fixes then, and they've never said it would now be perfect.

      "You're also effectively admitting that you can't do anything to prevent this without resorting to legal action?"

      No, he didn't. He said that the abuse of security holes was illegal, so they were justified in bringing legal action. He did not say that was the only method available to him, and Apple's patching of NSO's exploits proves that it is not.

  15. jollyboyspecial

    Since Apple claim to be the good guys I hope that should they win they will be handing the cash to every iPhobe owner who's device was infected with this malware.

    If they don't I suggest that every iPhone owner who suspects they may have been infected sues Apple. After all Apple's lawsuit clearly states that they believe that this malware getting onto iPhones is a very bad thing. A thing so bad that financial recompense is necessary. In that case the very fact that they allowed this software to be installed means that they are jointly responsible and should compensate their customers.

    1. DS999 Silver badge

      Not to the victims

      But they are donating $10 million along with anything they may collect from this lawsuit to groups like Citizen Lab and Amnesty Tech pursuing "cybersurvellience research and advocacy".

    2. doublelayer Silver badge

      "the very fact that they allowed this software to be installed means that they are jointly responsible and should compensate their customers."

      They did not allow it to be installed. They didn't know, so didn't allow or deny. They do not have the responsibility to police everything you do on your device, and when they take a few steps toward even thinking they have the right to do that, we complain about them and they get sued for limiting user choice, actions I emphatically support.

  16. Tim Almond

    Reputation

    This is really about embarrassing Apple. They're a trillion dollar company who make most of their profit from one product and one of the two of 3 biggest marketing points about the iPhone is privacy.

    It's not explicit, but the point of their marketing is that Android shares your data, and it's well worth spending 5 times the price of a Moto for a nice piece of jewellery and that your data won't be shared.

    Stories about malware that can work by simply opening an email damage that reputation. Yes, I'm sure that Android has the same problems, but Apple explicitly market on this point, like Android doesn't. And if you're just saying that your phone is as secure as an Android, why not buy an Android (they still work as jewellery, I suppose).

  17. johnnyblaze

    Spying

    The footnote to Apple's filing is;

    "We strongly resent any external 3rd party spying on Apple device users and collecting data without their consent. We believe only we (Apple) should have the right to do that, and will continue to defend that right to the utmost extent of the law"

    That about sums it up!

  18. CAPS LOCK

    Irony level...

    ...infinity...

  19. Salts

    Problem with this is ...

    It's the fact that companies like NSO(which are stated sponsored) pay massive bounties for zero-day exploits. I seem to recall the bounty on Pidgin messenger was $100k that was more than the project had in finances for 3 years. So whether you like Apple or not at least their going after the likes of the NSO does help, the smaller devs can't defend themselves against this, but, Apple & Facebook etc can hit them hard, hopefully, hard enough to break them. Also remember apple will be going for discovery, which should make very interesting reading for all.

  20. EricB123 Bronze badge

    It's ok if...

    Anytime you need a reason to write spyware, just say the world needs this spyware to stop pedophiles. Then it's perfectly ok to do almost anything.

  21. mark l 2 Silver badge

    “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth.”

    Ah the 'won't someone think of the children' defence.

  22. Paul Hovnanian Silver badge

    National Security Letters

    "Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices."

    Yeah, right. When NSOs software is installed at the behest of one of our TLAs, lets see how long they stand by this principle. Even warrant canaries have not stood up well in the face of executives being offered holidays at Club Fed.

    Other countries reach might vary, but I wouldn't wany to be the Apple sales rep making a sales call on some despotic regime following a violation of their edicts. And Russia (for one) is getting set to demand in-country offices (hostages).

    1. Salts

      Re: National Security Letters

      Think Apple have always been clear on this if it's on a users phone they won't help. If it is on their servers and you have a legal right to the data here you go take it. Same as Google, Microsoft et all. I don't like their stance on China, but, that's another matter.

      1. Clausewitz 4.0 Bronze badge
        Devil

        Re: National Security Letters

        Ok for Apple. Not for Google, Microsoft.

  23. Voidstorm
    Big Brother

    I have to ask this ...

    ... Which governments, in practice, *haven't* NSO sold to, and

    Of those not sold to, did they all have something better at can opening of their own already?

    Don't think the tinfoil Faraday Cage is gonna work on this one, Jack (Ryan)

    ;) 8)

  24. Anonymous Coward
    Anonymous Coward

    https://www.mintpressnews.com/meet-toka-the-most-dangerous-israeli-spyware-firm-youve-never-heard-of/278020/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022