Last year, WhatsApp discovered and fixed a vulnerability that was said to have been exploited by the Israeli intelligence agency nsogroup. In some cases, victims may not realize that they have been targeted by spyware. A few months later, WhatsApp filed a lawsuit against the latter to reveal who was behind the scenes. The defendant repeatedly challenged the charges and tried to apply for legal immunity on the ground of compliance with government orders, but failed to persuade the US court to withdraw the case earlier this year.
The latest news is that a coalition of technology giants and Internet associations, including Microsoft, Google, Amazon, Cisco, Facebook, twitter, and VMware, have jointly voiced their support for WhatsApp, imploring the court to reject NSO’s claim and not allow it to be exempted.
According to the report, nsogroup was accused of using an undisclosed vulnerability in the messaging application to invade at least 1400 devices, including some journalists and activists.
NSO develops and sells access to its Pegasus spyware to the government, enabling some customers to target and secretly invade target devices. Infected devices can be used to track target locations, eavesdrop on messages, calls, and private content such as photos and files.
Usually, the attack is achieved by fooling the victim into opening malware. However, in some cases, NSO will also take advantage of undisclosed vulnerabilities in apps or mobile phones to infect target devices silently.
Prior to that, the company was severely criticized for selling spyware to government customers in Saudi Arabia, Ethiopia and the United Arab Emirates. Now, the alliance, represented by Microsoft (and its subsidiaries LinkedIn and GitHub), has put more pressure on the court.
It points out that the development and delivery of spyware and related tools not only reduces the sense of security of ordinary people, but also puts the whole world at risk of these tools falling into improper hands.
In a blog post, Tom Burt, head of customer security and trust at Microsoft, said that NSO managers should be responsible for the tools they built and the related exploits. Through the lawsuit, it hopes to help protect the global digital ecosystem from more wanton attacks.
At the time of publication, nsogroup had not responded to the matter.