Security Bite: A brief history of the legal battle between Apple and NSO

9to5Mac Security Bite is brought to you exclusively by Mosyle, the only unified Apple platform. We keep Apple devices ready and enterprise-grade. Our unique integrated approach to management and security combines cutting-edge Apple-specific security solutions for fully automated hardening & compliance, next-generation EDR, AI-powered Zero Trust and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a fully automated Apple Unified Platform that is currently trusted by over 45,000 organizations to get millions of Apple devices ready effortlessly and at an affordable cost. Request your EXTENDED TRIAL today and find out why Mosyle is everything you need to work with Apple.

Earlier last week, we learned that Apple was dropping its three-year-old lawsuit against the well-known spyware maker NSO Group. The news came as a shock, especially since Apple won the case. In this week's edition of Safety biteLet's take a quick look at the legal battle that could have set significant precedents in digital privacy, and why Apple suddenly wants to pull out completely.

To Safety bite: Security Bite is the security-focused column on 9to5Mac. Every week Arin Waichulis sheds light on the latest developments in privacy, vulnerabilities and new threats in Apple's vast ecosystem with over 2 billion active devicesS.

In 2021, Apple made a rare announcement through its newsroom, announcing its lawsuit against the Israel-based company, with the goal of holding NSO Group accountable for the misuse of its Pegasus spyware.

Sold to several authoritarian governments to spy on their citizens, this extremely difficult-to-detect form of malware allowed undetected access to the microphone, camera, and other sensitive data of an iPhone or Android device, creating a dangerous situation for activists, government officials, journalists, and dissidents. Not to mention the perception of Apple as a brand, especially at the height of the “Privacy. That's iPhone” campaign.

“State-sponsored actors like NSO Group are spending millions of dollars on sophisticated surveillance technologies with no accountability. This must change,” said Craig Federighi, Apple's senior vice president of software engineering. “Apple devices are the most secure consumer hardware on the market – but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats affect only a very small number of our customers, we take every attack on our users very seriously and are constantly working to strengthen security and privacy in iOS to protect all of our users.”

Early versions of Pegasus required users to click on a link sent via iMessage. However, the attack chain quickly evolved. That same year, researchers from Google's Project Zero team discovered a newer attack chain that implemented a zero-click exploit in iMessage. This now meant that a user no longer had to click or interact with the attack to be infected.

Apple claimed that NSO's actions violated the Computer Fraud and Abuse Act and sought damages and an injunction to keep NSO's software off the iPhone.

NSO's defense? The group claimed its software was designed only for government agencies and law enforcement purposes, such as fighting crime and terrorism. It reiterated its defense earlier this year on the basis of sovereign immunity, claiming it was protected from legal liability because its customers were foreign governments.

Apple's withdrawal

In a surprise court filing on Friday, Apple abruptly decided to drop its lawsuit against NSO Group, arguing that continuing would pose “too much of a risk.” As The Washington Post's Joseph Menn reported, Apple alluded to a scenario in which disclosing documents to NSO's lawyers about how the company discovered the exploits could result in Apple's vulnerability and threat detection secrets falling into the wrong hands. NSO lawyers would become hot targets for hackers overnight. And if there's one thing Apple hates, it's lawyers… well, at least under Jobs.

“Because Apple currently uses its threat intelligence to protect every single one of its users around the world, any disclosure, even under the most stringent controls, is at risk,” the company wrote in the filing.

So it seems that Apple is now more focused on its improved capabilities to track the once-formidable NSO Group and other spyware vendors and notify users who may be at risk. We've seen examples of this before. In April, Apple sent out alerts to potential victims in 92 countries describing how an emerging mercenary attack could remotely compromise their devices. The goal was defensive: to contain the compromise as much as possible while engineers worked on a fix.

Related: Apple wants to withdraw three-year-old lawsuit against spyware company

Follow Arin: Twitter/XLinkedIn, Threads