marry 18.11.2024, 11:00 AM
Unredacted court documents revealed that spyware maker NSO Group admitted to developing exploits to infect the phones of around 1,400 WhatsApp users with Pegasus software.
A lawsuit filed by WhatsApp against NSO Group in 2019 revealed how Israel-based NSO operates the powerful Pegasus spyware on behalf of customers. A federal court in California ordered the documents released last week.
The documents also revealed that WhatsApp’s security team repeatedly prevented device infections with Pegasus. Among the victims were journalists, human rights activists, political dissidents, diplomats and high officials of foreign governments.
Pegasus is “zero-click” spyware, meaning that devices could be infected without users doing anything to make it happen.
WhatsApp also claims that NSO admitted to developing and selling spyware used to infect WhatsApp users’ devices and that the company often relied on a zero-click installation vector called “Eden.”
“NSO’s head of research and development confirmed that these vectors functioned exactly as plaintiffs claim,” WhatsApp’s court filing said.
NSO admitted to developing an exploit by reverse-engineering WhatsApp and “designed and used its own ‘WhatsApp Installation Server’ (“WIS”) to send malicious messages,” the document said. WhatsApp further states that because such messages were sent through WhatsApp servers, they caused the targeted devices to install Pegasus.
A WhatsApp spokesperson said in a statement that new public evidence shows exactly how NSO launched cyber attacks against journalists and human rights activists.
“We will continue to work to hold NSO accountable and protect our users.”
Even after WhatsApp discovered and blocked the vulnerability exploited by NSO in May 2019, NSO admitted to creating another vector, known as Erised, to install Pegasus through WhatsApp servers. What’s more, NSO continued to use Erised on behalf of software customers even after WhatsApp sued NSO, until changes to WhatsApp blocked access after May 2020.
The lawsuit also alleges that NSO (more specifically, its former employees) admitted that its spyware allows users to access “the same information on a target device that you would be able to access if you had the device’s password.”
WhatsApp’s filings describe a turnkey use of Pegasus: the user “only needed to enter the number of the target device and press Install, and Pegasus will be installed on the device remotely without any involvement”.
“In other words, the customer simply orders data from the target device, and NSO controls every aspect of the data download and delivery process through its Pegasus design,” WhatsApp’s documentation states.
However, an NSO spokesperson said that NSO “stands by its earlier statements in which we have repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence collected by the system.”
Source: www.informacija.rs