Source |
Techworm |
Identifier |
8630531 |
Publication date |
2024-11-17 13:13:18 (viewed: 2024-12-27 09:08:19) |
Title |
NSO Group Exploited WhatsApp Zero-Day Even After Lawsuit, Court Docs Say |
Text |
NSO Group Technologies Ltd. continued to develop spyware that used multiple zero-day WhatsApp exploits even after the instant messaging firm sued the Israeli surveillance firm for violating federal and state anti-hacking laws, according to a court filing by the messaging app and its parent company Meta that was published on Thursday.
Court filings reveal that NSO continued using WhatsApp servers to install Pegasus spyware on phones by calling the targeted device, even after the messaging platform detected and blocked the exploit in May 2019.
The allegations stem from a series of cyberattacks against WhatsApp users, including journalists, dissidents, and human rights advocates.
“As a threshold matter, NSO admits that it developed and sold the spyware described in the Complaint, and that NSO’s spyware – specifically its zero-click installation vector called “Eden,” which was part of a family of WhatsApp-based vectors known collectively as “Hummingbird” (collectively, the “Malware Vectors”) – was responsible for the attacks described in the Complaint. NSO’s Head of R&D has confirmed that those vectors worked precisely as alleged by Plaintiffs,” reads the court filing.
NSO admits that NSO customers used its Eden technology in attacks against approximately 1,400 devices. Following the detection of the attacks, WhatsApp patched the Eden vulnerabilities and deactivated NSO’s WhatsApp accounts. However, the Eden exploit remained active until it was blocked in May 2019.
Despite this, the surveillance firm developed yet another installation vector, known as “Erised,” that used WhatsApp servers to install Pegasus spyware in zero-click attacks, NSO admitted. This exploit reportedly remained active and available to NSO customers even after WhatsApp sued the company in October 2019, until further security changes to the messaging platform blocked its access sometime after May 2020.
NSO witnesses reportedly declined to confirm whether the spyware maker continued developing WhatsApp-based malware vectors afterward.
The company acknowledged that its employees created and used WhatsApp accounts to develop malware for themselves and their clients. This violated WhatsApp’s Terms of Service in several ways, including reverse-engineering the platform, transmitting malicious code, unauthorized data collection, and illegally accessing the service.
Meta claimed that these actions also violated the Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA), causing WhatsApp damages.
NSO has long maintained that it is unaware of its customers’ operations and has minimal control over customers’ use of its spyware, denying any involvement in executing targeted cyberattacks.
However, the newly released court documents reveal that the spyware vendor operated its Pegasus spyware, with customers only needing to provide a target number.
In one of the court documents, WhatsApp argued that “NSO’s customers’ role is minimal,” given that the government customers were only required to input the phone number of the target’s device and, citing an NSO employee, “press Install, and Pegasus will install the agent on the device remotely without any engagement.”
“In other words, the customer simply places an order for a target device’s data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus,” WhatsApp added.
The court filings also quoted an NSO employee as saying it “was our decision whether to trigger [the exploit] using WhatsApp messages or not,” referring to one of the exploits the company offered its custom |
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Vulnerability
Threat
|