WhatsApp gained access to Pegasus source code after winning in court

NSO Group will have to hand over the source code of its notorious Pegasus spyware to WhatsApp, a US district court has ruled.

WhatsApp is involved in a legal battle with US company NSO Group alleging that more than 1,400 WhatsApp users were spied using the Israeli company's Pegasus malware in just two weeks. Although the Israeli Ministry of Defense considers the source code a state secret, US District Court Judge Phyllis Hamilton granted WhatsApp's request for information regarding the “full functionality” of Pegasus.

Pegasus is a notorious spy tool used by governments and security agencies to monitor persons of interest by hacking into devices such as iPhones. Apple is working to combat the effects of spyware, warning journalists in Russia and users in Armenia about potential infections, among others.

At the heart of the WhatsApp case is the idea that Pegasus spyware is intercepting information from various messaging apps, including itself, as well as iMessage, Skype, Telegram, WeChat, Facebook Messenger and others. The Meta-owned service said it needed access to the “full functionality” of Pegasus to prove the allegations.

NSO Group previously offered to share information only about the program's “benchmark level,” but the judge rejected that offer as insufficient. She rejected WhatsApp's further demand to force NSO Group to share information about its server architecture, as well as a list of the names of NSO Group's clients.

WhatsApp filed the lawsuit back in 2019, but it took a very long time to review various parts of the case. Judge Hamilton ordered that “all relevant spyware” be transferred to WhatsApp for a period of one year before and after two weeks of the alleged Pegasus attack, i.e. from late April 2018 to mid-May 2020.

A WhatsApp spokesperson said the decision “is an important milestone in achieving our long-term goal of protecting WhatsApp users from illegal attacks. “Spyware companies and other bad actors need to understand that they can be caught and cannot ignore the law.”

The US government blacklisted the use of NSO Group software by any government in 2021, finding that the Israeli company “acted contrary to US foreign policy and national security interests.” NSO Group argues that it should not be prosecuted for producing malware, arguing that it only sells its software to official governments around the world.

Leave a Reply

Your email address will not be published. Required fields are marked *