Saturday, April 13, 2024

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019. The lawsuit claims that NSO took advantage of a vulnerability in WhatsApp to install the Pegasus spyware on certain user devices without their permission.

This means NSO exploited a flaw in WhatsApp to install spyware on specific phones without authorization.

As per the court document, Judge Hamilton has ordered NSO Group to reveal all spyware code related to the alleged attacks from April 2018 to May 2020 in response to WhatsApp’s lawsuit.

This contains detailed information about the spyware’s functions and signifies a major advancement in the ongoing legal dispute, as WhatsApp aims to acquire insights into the inner workings of Pegasus for defensive reasons.

Lawsuit Background

The case WhatsApp filed against NSO Group, in which the company is accused of targeting 1,400 users with the Pegasus malware, is gaining momentum.

In a recent ruling, the court rejected NSO Group’s efforts to evade responsibility by ordering the disclosure of pertinent documents and code.

Because it might reveal Pegasus’s technological capabilities and aid in legal action, this revelation might be crucial evidence for the people Pegasus targeted.

Additionally, Pegasus’s alleged abuse against political leaders is the focus of investigations in Spain and Poland.

This spyware’s technological abuse has been more understood and addressed thanks to these investigations and the developments in the WhatsApp case.

Count Response

WhatsApp has taken legal action against NSO Group, claiming that the latter’s Pegasus spyware infected 1,400 devices, including those of journalists, activists, and government officials, by using a WhatsApp vulnerability (CVE-2019-3568).

WhatsApp wants the NSO source code to figure out the vulnerability and maybe build a defense.

The court ignores NSO’s sovereign immunity claims and orders to disclose attack-related code while classifying client and server architectural specifics.

This is a massive victory for WhatsApp, but other companies in the spyware sector are still operational despite penalties and government pressure, and NSO is also facing litigation along these lines.

Despite the NSO’s assertions that it is solely intended for recognized nations, Pegasus has widely targeted human rights advocates and journalists.

To seek compensation, victims of Pegasus must first determine who is using it.

The decision of Judge Hamilton allows victims of the Pegasus spyware to take legal action by suing WhatsApp to uncover the identity of the malware’s deployer.

This decision aligns with WhatsApp’s values of user safety and discouraging bad actors from abusing the platform, which is why WhatsApp supports it.

A precedent for corporations to be held liable for aiding spyware assaults has been established by this decision.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles