U.S. Judge Orders NSO Group to Hand Over Pegasus Source Code to Meta Amid Legal Battle
In a significant turn of events, a U.S. judge has ruled that NSO Group must provide its source code for Pegasus and other products to Meta, formerly known as Facebook. This decision comes as part of Meta’s ongoing legal battle against the Israeli spyware vendor.
Table of Contents
judge group pegasus meta meta
The lawsuit, initiated by Meta in October 2019, alleges that NSO Group exploited Meta’s infrastructure to distribute the Pegasus spyware to approximately 1,400 mobile devices, including those of two dozen Indian activists and journalists, between April and May of an undisclosed year.
read also : Strengthening SaaS Security
These attacks utilized a then zero-day vulnerability in the instant messaging app, WhatsApp (CVE-2019-3568, CVSS score: 9.8), which allowed Pegasus to be delivered through a critical buffer overflow bug in the app’s voice call functionality. Notably, the spyware could be deployed simply by placing a call, even if unanswered, with efforts made to erase call information from logs to avoid detection.
Legal Tussle Unveils Partial Disclosure of NSO Group Spyware Functionality
Court documents revealed that NSO Group has been instructed to disclose information regarding the full functionality of the spyware, covering the period one year before the alleged attack until one year after (from April 29, 2018, to May 10, 2020). However, the company has been exempted from providing specifics about its server architecture, as Meta could potentially extract this information from the spyware’s functionality.
Critics of the ruling, such as Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, express disappointment that NSO Group will not be compelled to reveal the identities of its clients, who are accused of using the spyware for unlawful targeting.
NSO Group Legal Battle: A Critical Chapter in the Oversight of Surveillance Technology
This development follows previous actions taken against NSO Group, including sanctions imposed by the U.S. government in 2021. The sanctions were a response to allegations that NSO Group supplied cyber weapons to foreign governments, enabling malicious targeting of government officials, journalists, activists, and other individuals.
The outcome of this legal battle could have far-reaching implications for the surveillance technology industry, particularly concerning the accountability of companies that develop and supply such tools. As Meta continues its pursuit of justice, the case sheds light on the complex intersection of technology, privacy, and international law.