456/67 Wednesday, December 25, 2024
WhatsApp, a messaging application owned by Meta Platforms, has won a significant legal case against NSO Group, an Israeli commercial spyware developer. The victory came after a district judge in California ruled in favor of WhatsApp, citing NSO Group’s violation of security protocols by exploiting vulnerabilities in the system to deploy Pegasus spyware.
Judge Phyllis J. Hamilton stated, “Evidence shows that the defendant’s Pegasus code was transmitted through the plaintiff’s servers in California 43 times during May 2019.” The court strongly criticized NSO Group for repeatedly failing to provide relevant information and disregarding court orders. This included refusing to submit the source code of Pegasus and limiting access to Israeli citizens while in the country. The information NSO Group provided to WhatsApp pertained only to Amazon Web Services (AWS) servers and did not fully encompass the code necessary to illustrate the complete functionality of Pegasus. Judge Hamilton remarked, “NSO’s non-compliance with court orders raises serious concerns about transparency and cooperation in the justice process.”
Will Cathcart, WhatsApp’s executive, stated in a press release, “This is a major victory for privacy. We have spent five years fighting to prove that spyware companies cannot evade accountability for illegal activities.” WhatsApp initially filed the lawsuit against NSO Group in late 2019, alleging that the company had unauthorized access to WhatsApp servers. They exploited a vulnerability in the app’s voice-calling feature (CVE-2019-3568) to install Pegasus on 1,400 devices in May of that year. Court documents further revealed that NSO Group continued to use WhatsApp as a distribution channel for Pegasus until May 2020.
NSO Group maintains that its products are intended for use by governments and law enforcement agencies to combat serious crimes such as terrorism, child sexual abuse, and money laundering, as well as to support search and rescue missions. However, evidence indicates that Pegasus has been misused by authoritarian regimes and governments in several countries to spy on activists, politicians, and journalists. This ruling underscores the importance of protecting privacy and addressing the threats posed by spyware in the digital age.
Source https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html
