November 18, 2024 at 02:03AM
Legal documents reveal that NSO Group exploited WhatsApp vulnerabilities to install Pegasus spyware, even after facing lawsuits from Meta. New vectors, like “Erised,” were developed to bypass defenses. NSO controls the spyware deployment, contradicting claims of client operation responsibility, with Apple enhancing security features against such breaches.
### Meeting Takeaways:
1. **Legal Developments**:
– Revelations from legal documents indicate NSO Group utilized multiple vulnerabilities in WhatsApp to deliver the Pegasus spyware, even after legal action was initiated by Meta in October 2019.
2. **Exploits and Attacks**:
– NSO Group developed various installation methods, including Erised (a zero-click exploit), to bypass WhatsApp’s defenses.
– A critical zero-day vulnerability (CVE-2019-3568) was exploited during an attack in May 2019, underscoring the ongoing cat-and-mouse game between NSO Group and WhatsApp’s security updates.
3. **Malware Vector Categories**:
– The various malware vectors known as Hummingbird, including Heaven and Eden, utilized WhatsApp servers for deploying Pegasus.
– Heaven manipulated WhatsApp’s signaling servers to facilitate unauthorized installations of the spyware.
4. **NSO Group’s Operations**:
– Court documents reveal NSO Group, not its clients, controlled the operations of Pegasus, requiring minimal involvement from the customers beyond inputting the target’s phone number.
– The documents suggest that NSO Group successfully installed Pegasus on a significant number of devices, potentially in the range of hundreds to tens of thousands.
5. **Ongoing Litigation**:
– Apple filed a motion in September 2024 to dismiss its lawsuit against NSO Group due to concerns over exposing sensitive threat intelligence, indicative of the evolving security landscape.
6. **Security Enhancements**:
– Apple continues to bolster its device security against such spyware attacks, having introduced features like Lockdown Mode and a new inactivity reboot mechanism in iOS 18.2, aimed at improving device protection by requiring re-entry of passwords after a period of inactivity.
7. **Implications for Law Enforcement**:
– The inactivity reboot feature adds urgency for law enforcement to expedite data extraction from devices to ensure access to crucial information before devices auto-reboot, complicating retrieval efforts.
These takeaways summarize the key points from discussions regarding the legal battle between Meta and NSO Group, the technical aspects of the spyware employed, and the ongoing developments in device security measures.