Lawmakers questioned Apple and FBI about the use of spyware from Israeli NSO Group.

• Two GOP lawmakers have sent letters to Apple and the FBI regarding spyware created by NSO Group, as reported by CNBC.
• Earlier this year, The New York Times reported that the FBI had obtained surveillance technology from the NSO Group.
• Pegasus is a spy tool that enables users to hack into phones and access messages on encrypted apps without the need for the victim to click on a malware link.

Two GOP lawmakers have requested data from the FBI regarding spyware created by NSO Group, an Israeli company, as per letters obtained by CNBC.

The House Judiciary Committee Ranking Member Jim Jordan and subcommittee on civil rights Ranking Member Mike Johnson, both Republicans from Ohio and Louisiana respectively, have written a letter to the FBI regarding their concerns over the agency's acquisition of surveillance technology from the NSO Group, as reported by The New York Times earlier this year.

The FBI's use of NSO's spyware is being scrutinized by the Committee, with a focus on the potential civil liberty implications of using Pegasus or Phantom against U.S. citizens.

An investigation by a coalition of news outlets discovered that NSO's software was used to hack into the phones of journalists and activists. Despite this, the NSO Group denied the findings of the report. However, the Biden administration later blacklisted the company, stating that it had knowingly supplied its technology to foreign governments who used it to "maliciously target" the phones of dissidents, activists, and journalists.

The NSO Group, an Israeli cybersecurity firm, has developed a spy tool called Pegasus that can hack into Apple iOS or Android phones and access messages on encrypted apps without requiring the victim to click on a malware link. The tool has been reportedly used by governments to spy on citizens, and Vice News first exposed its existence in 2016. The Times reported that the Israeli government granted a special license to the NSO Group to use Phantom, a similar tool, to target U.S. phones, but only U.S. government agencies were allowed to buy the tool under the license. The company demonstrated the tool to the FBI, according to the Times.

The acquisition of NSO spyware by the FBI is deeply troubling and poses significant risks to the civil liberties of U.S. persons, according to Jordan and Johnson in their letter to FBI Director Christopher Wray.

The FBI purchased and evaluated Pegasus technology, according to the Times, and contemplated deploying Phantom in the U.S., but ultimately decided against it. However, a letter has been sent requesting that the FBI disclose communications between the agency and the NSO Group or its affiliates regarding the purchase, testing, or use of NSO spyware and the legality of employing Phantom against domestic targets.

Questions about Apple’s ability to detect NSO spyware

Jordan and Johnson wrote to Apple CEO Tim Cook requesting information about the company's ability to detect attacks on iPhones by NSO Group tools. The letter asks for the number of attacks detected, their locations and times, as well as a staff-level briefing on Apple's communication with government agencies regarding the spyware.

Apple is being targeted by the NSO Group with spyware, and the company is seeking an injunction to prevent the group from using any Apple devices or software.

Apple's preference for secrecy has led security researchers to call for more transparency from the company, especially compared to Google and Microsoft. Last year, Apple patched a flaw used by Pegasus, but it's unclear if the NSO technology has other ways to hack iPhones.

The FBI confirmed receipt of the letter but did not provide additional information.

Apple and the NSO Group did not immediately respond to requests for comment.

The FBI routinely evaluates new technologies not only for potential legal use but also to combat crime and protect the American people and civil liberties. This includes identifying, testing, and assessing technical solutions and services for operational and security concerns they may pose in the wrong hands.

The letters are embedded below.

—CNBC’s Kif Leswing contributed to this report.