Priya Patel
TLDR:
- A U.S. judge has ordered NSO Group to hand over its source code for Pegasus spyware to Meta.
- The spyware was used to target Indian activists and journalists by exploiting a zero-day flaw in WhatsApp.
Article Summary:
A U.S. court has ruled that NSO Group must provide Meta with the source code for its Pegasus spyware as part of an ongoing lawsuit. Meta filed the lawsuit in 2019, alleging that NSO Group used its infrastructure to distribute the spyware to around 1,400 mobile devices, including those of Indian activists and journalists. The attacks exploited a critical buffer overflow bug in WhatsApp, allowing Pegasus to be delivered simply by placing a call.
The court has asked NSO Group to share information about the spyware’s functionality during a specific time frame around the alleged attacks. While NSO Group is not required to disclose the identities of its clients, Amnesty International has expressed disappointment over this decision, as it believes the clients are responsible for the unlawful targeting.
In addition to the legal battle between Meta and NSO Group, privacy and consumer groups in the European Union are criticizing Meta’s “pay or okay” subscription model, which they argue forces users to choose between paying for privacy or consenting to being tracked by the company. This model has raised concerns about GDPR regulations and the fundamental right to privacy.
Recorded Future has also uncovered a new delivery infrastructure associated with the Predator mobile spyware, highlighting the persistent challenges posed by entities like NSO Group in the surveillance technology landscape. Sekoia’s report further reveals the presence of Predator-related domains in countries such as Botswana, Mongolia, and Sudan.
