Saturday, July 13, 2024

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019. The lawsuit claims that NSO took advantage of a vulnerability in WhatsApp to install the Pegasus spyware on certain user devices without their permission.

This means NSO exploited a flaw in WhatsApp to install spyware on specific phones without authorization.

As per the court document, Judge Hamilton has ordered NSO Group to reveal all spyware code related to the alleged attacks from April 2018 to May 2020 in response to WhatsApp’s lawsuit.

This contains detailed information about the spyware’s functions and signifies a major advancement in the ongoing legal dispute, as WhatsApp aims to acquire insights into the inner workings of Pegasus for defensive reasons.

Lawsuit Background

The case WhatsApp filed against NSO Group, in which the company is accused of targeting 1,400 users with the Pegasus malware, is gaining momentum.

In a recent ruling, the court rejected NSO Group’s efforts to evade responsibility by ordering the disclosure of pertinent documents and code.

Because it might reveal Pegasus’s technological capabilities and aid in legal action, this revelation might be crucial evidence for the people Pegasus targeted.

Additionally, Pegasus’s alleged abuse against political leaders is the focus of investigations in Spain and Poland.

This spyware’s technological abuse has been more understood and addressed thanks to these investigations and the developments in the WhatsApp case.

Count Response

WhatsApp has taken legal action against NSO Group, claiming that the latter’s Pegasus spyware infected 1,400 devices, including those of journalists, activists, and government officials, by using a WhatsApp vulnerability (CVE-2019-3568).

WhatsApp wants the NSO source code to figure out the vulnerability and maybe build a defense.

The court ignores NSO’s sovereign immunity claims and orders to disclose attack-related code while classifying client and server architectural specifics.

This is a massive victory for WhatsApp, but other companies in the spyware sector are still operational despite penalties and government pressure, and NSO is also facing litigation along these lines.

Despite the NSO’s assertions that it is solely intended for recognized nations, Pegasus has widely targeted human rights advocates and journalists.

To seek compensation, victims of Pegasus must first determine who is using it.

The decision of Judge Hamilton allows victims of the Pegasus spyware to take legal action by suing WhatsApp to uncover the identity of the malware’s deployer.

This decision aligns with WhatsApp’s values of user safety and discouraging bad actors from abusing the platform, which is why WhatsApp supports it.

A precedent for corporations to be held liable for aiding spyware assaults has been established by this decision.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles