Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Justices Turn Away Israeli Spyware Maker in WhatsApp Suit

The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.

The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.

The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.

The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.

WhatsApp parent Facebook, now called Meta Platforms Inc., is trying to block NSO from Facebook platforms and servers and recover unspecified damages.

NSO argued that it should be recognized as a foreign government agent and therefore be entitled to immunity under U.S. law limiting lawsuits against foreign countries. The request appeals a pair of earlier federal court rulings that rejected similar arguments by the Israeli company.

The Biden administration recommended that the court turn away the appeal. The Justice Department wrote that “NSO plainly is not entitled to immunity here.”

NSO’s flagship product, Pegasus, allows operators to covertly infiltrate a target’s mobile phone, gaining access to messages and contacts, the camera and microphone and location history. Only government law enforcement agencies can purchase the product and all sales are approved by Israel’s Defense Ministry, NSO said. It does not identify its clients.

WhatsApp says at least 100 of the users connected to its lawsuit were journalists, rights activists and civil society members. Critics have said that NSO’s clients include Saudi Arabia, the United Arab Emirates, Jordan and Poland and that those countries have abused the system to snoop on critics and stifle dissent.

NSO said it has safeguards in place to prevent abuses, although the company also said it has no control over how its clients use the product.

The WhatsApp case is among a series of legal battles plaguing NSO. In a separate lawsuit, Apple says it aims to prevent NSO from breaking into products. It claimed Pegasus had affected a small number of iPhone users worldwide, calling NSO’s employees “amoral 21st century mercenaries.”

In November, journalists from an investigative news outlet in El Salvador also sued NSO in a U.S. court after Pegasus spyware was detected on their iPhones.

“NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials. We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations,” WhatsApp spokesperson Carl Woog said in a statement.

A lawyer for the journalists who sued also praised the court’s action. “Today’s decision clears the path for lawsuits brought by the tech companies, as well as for suits brought by journalists and human rights advocates who have been victims of spyware attacks,” Carrie DeCell, senior staff attorney at the Knight First Amendment Institute at Columbia University, said in a statement.

In its own statement, NSO said: “We are confident that the court will determine that the use of Pegasus by its customers was legal.”

NSO also has been blacklisted by the U.S. Commerce Department, limiting its access to U.S. technology. U.S. officials said the company’s products were complicit in “transnational repression.”

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: US Puts New Controls on Israeli Spyware Company NSO Group

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

 

Related: Apple Confirms New Zero-Day Attacks on Older iPhones

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...