NSO Group is a notorious Israeli cyber-arms dealer whose long trail of sleaze has been thoroughly documented by the University of Toronto's Citizen Lab (which may or may not be related to an attempt to infiltrate Citizen Lab undertaken by a retired Israeli spy); NSO has been implicated in the murder and dismemberment of the dissident Saudi journalist Jamal Khashoggi (just one of the brutal dictatorships who've availed themselves of NSO tools), and there seems to be no cause too petty for their clients, which is why their malware has been used to target anti-soda activists in Mexico.
Now, NSO has been caught deploying its "Pegasus" malware via a new and frightening defect in Facebook's Whatsapp messenger. Facebook's description of the bug is that it is "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number." Practically speaking, that means that someone who initiates a Whatsapp call to your Iphone or Android device can seize control of the device, even if you don't answer the call.
If you use Whatsapp, you should update it now.
This vulnerability was used to target a lawyer in London involved in lawsuits against NSO Group over its role in attacks against "the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists." Citizen Lab suspects that other targets were attacked with Pegasus over Whatsapp.
Amnesty International has called on the government of Israel to rescind NSO's export license, based on its long track record of abetting human rights abuses.
NSO is part-owned by the UK private equity firm Novalpina, which valued NSO at $1b.
The firm has been on a public-relations campaign in recent months to show its value to law enforcement, and has cited several examples of its spyware’s being used, it says, to capture drug kingpins and to stop terrorist attacks.
“NSO and Novalpina have spent several months telling the world that there are adults in the room and telegraphing that they have made a commitment to close oversight,” said John Scott-Railton, a senior researcher at Citizen Lab. “Yet even 24 hours ago, we observed what some believe to be an NSO infection attempt against a human-rights lawyer.
“As this case makes it very clear — if indeed this was NSO — there is still a very serious abuse problem,” Mr. Scott-Railton added.
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists [Nicole Perlroth and Ronen Bergman/The New York Times]