Facebook is taking spyware vendor NSO Group to court over allegations that the Israeli firm developed and helped to deploy malware that was used to target over 1000 WhatsApp users.
The threat in question was discovered back in May, targeting video call users without them even needing to pick up. Victims would receive a call while in the background a specially crafted series of SRTCP packets allowed the attacker to install the NSO Group’s Pegasus spyware on either iOS or Android devices.
Facebook rolled out a fix for the buffer overflow vulnerability in the WhatsApp VOIP stack, but did not release any further details at the time.
Now it is claiming the Israeli firm, which claims only to sell its wares to help legitimate law enforcement and government intelligence agencies, was directly behind the attacks on 1400 WhatsApp users.
It alleged that the “attackers used servers and internet-hosting services that were previously associated with NSO.”
Moreover, the attacks themselves were not used for legitimate policing efforts, but targeted journalists, human rights activists, political dissidents, and senior government officials — with the majority of victims located in Bahrain, the United Arab Emirates and Mexico, Facebook claimed.
“We agree with UN pecial rapporteur for Freedom of Expression David Kaye’s call for a moratorium on these attacks. There must be strong legal oversight of cyber weapons like the one used in this attack to ensure they are not used to violate individual rights and freedoms people deserve wherever they are in the world,” the firm noted in a lengthy statement.
“Human rights groups have documented a disturbing trend that such tools have been used to attack journalists and human rights defenders. Working with research experts at the Citizen Lab, we believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse.”
WhatsApp alleges that NSO has violated US and California laws and its own Terms of Service, which prohibits such abuses.