NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says

In a recent court filing, WhatsApp and its parent company Meta have unveiled significant details regarding the operations of NSO Group, a company known for its controversial spyware. The filing, submitted to the U.S. District Court for the Northern District of California, seeks a summary judgment and damages against NSO Group, highlighting the company’s alleged misuse of WhatsApp’s platform.

Revelations of Exploits and Operations

According to the filing, NSO Group exploited vulnerabilities in WhatsApp, notably through a method referred to as “Eden.” Following the detection of these malicious activities in May 2019, WhatsApp implemented changes to mitigate the exploit. However, NSO Group reportedly responded by developing a new malware vector named “Erised,” which continued to use WhatsApp as a means of installation until May 2020, even amidst ongoing litigation. This was not the only exploit mentioned; a third, known as “Heaven,” was disabled by WhatsApp back in 2018.

The court documents indicate that NSO Group has admitted to the existence of these exploits, acknowledging that “Eden” was responsible for approximately 1,400 attacks, as previously claimed by WhatsApp. Furthermore, NSO’s Head of R&D has confirmed that the exploits functioned as alleged by the plaintiffs.

Perhaps most strikingly, the filing suggests that NSO Group plays a more active role in the operation of its spyware than previously claimed. The document states that the involvement of NSO’s customers is minimal, as they merely need to input a target device’s number and initiate the installation process. This raises questions about the extent of control NSO maintains over its spyware, particularly the Pegasus system, which is designed to operate autonomously once initiated by the customer.

In response to these allegations, Gil Lanier, NSO Group’s vice president of global communications, reiterated the company’s stance that its systems are operated solely by clients, asserting that NSO does not access the intelligence gathered by its software. He expressed confidence that the claims made in the filing would ultimately be disproven in court.

This lawsuit, now five years in the making, is part of a broader effort to hold spyware companies accountable for their actions. A spokesperson for WhatsApp emphasized that the evidence presented in the filing illustrates how NSO’s operations allegedly violated U.S. law and targeted vulnerable individuals, including journalists and human rights activists. The company remains committed to pursuing accountability and safeguarding its users from such threats.

AppWizard
NSO Group used WhatsApp exploits after the messaging app sued the spyware developer, court filing says