In 2019, WhatsApp realized that PegasusNSO’s dreaded spy malware, exploited a flaw in its messaging to infect its users’ smartphones. Once installed, this spyware can extract emails, SMS and photos, and take control of the microphone and camera.
After deploying a patch as quickly as possible, the instant messenger filed a complaint against NSO, the controversial Israeli company behind Pegasus. For WhatsApp, Pegasus compromised a total of 1,400 smartphones between 2018 and 2020. Pegasus’ alleged victims include journalists, human rights activists, political dissidents, diplomats, and high-ranking government officials.
Also read: after Pegasus, a new spyware compromises iPhones to spy on them
NSO practices revealed
Five years after the start of the trial between WhatsApp and NSO, documents from the current investigation have come endorse the accusations messaging. The documents, relayed by the media The Record, demonstrate that Pegasus used WhatsApp vulnerabilities as part of espionage operations. The California federal judge in charge of the case ordered the release of the documents last week, the media reports.
The documents, which include employee depositions and internal messages, confirm that 1,400 devices did fall under the control of Pegasus because of the WhatsApp flaws. In 2018, the virus notably used a fake WhatsApp client to exploit a still unknown breach. This flaw was corrected a few months later.
In response, NSO used another attack vector, called Eden, to bypass WhatsApp fixes and forcefully enter users’ phones. Finally, the documents also identify a third vector, called Erised, which is even more formidable. It does not require any interaction from the victim to deploy the malware. The vector was exploited until May 2020, a few months after WhatsApp’s complaint was filed.
“NSO continued to use and make Erised available to customers even after this litigation was filed, until changes to WhatsApp blocked its access”specifies WhatsApp.
NSO’s confessions
One of the heads of research and development at NSO “confirmed that these vectors worked precisely as the plaintiffs claimed”we can read in a court filing. Forced to give a statement, the Israeli group admitted to having developed attack vectors in “decompiling WhatsApp code” pour “understand how to bypass the security measures built into it”.
The official admits that these offensives targeted “hundreds, if not tens of thousands of devices”. As Meta’s messaging points out, NSO’s activities “violated American law”. The Israeli company has always defended itself by ensuring that it is its customers who are responsible of the way they use Pegasus. The documents formally show that NSO is deeply involved in the entire infection process.
“The customer simply places an order for data from a target device, and NSO controls all aspects of the data retrieval and delivery process through its Pegasus design”constate WhatsApp.
Despite the evidence, NSO still claims that “the system is operated solely by our customers and neither NSO nor its employees have access to the information collected by the system”.
As a reminder, WhatsApp is not the only digital giant to have filed a complaint against NSO. Apple also filed a lawsuit against the firm in 2021. The Cupertino giant wanted the courts to prohibit NSO from using its services and tools, before reversing course. Apple recently asked the US courts to drop its complaint, fearing that the trial would force it to disclose information related to the security of the iPhone.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
The Record
