Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.

US Supreme Court says ‘No’ to Israeli spyware maker’s immunity claim

Israeli spyware company NSO Group has just been dealt a blow by the US Supreme Court in an ongoing legal dispute between the company and Meta’s WhatsApp messaging service.

user icon David Hollingworth
Tue, 10 Jan 2023
US Supreme Court says ‘No’ to Israeli spyware maker’s immunity claim
expand image

Previously, the NSO Group had claimed that it could invoke the same immunity clause as foreign states, but the Supreme Court has denied the company any immunity on that basis. 

The dispute dates back to 2019, when WhatsApp and its parent company Facebook sued NSO claiming the spyware maker had used a WhatsApp vulnerability to install its Pegasus spyware on approximately 1,400 smartphones. The phones belonged to a range of individuals from countries around the world, including in Europe, North America, and Asia. 

According to the original complaint, the NSO Group was able to create a raft of WhatsApp accounts to make calls that could spread the Pegasus spyware, whether or not a user answered them. Further, the calls appear to have come from WhatsApp’s own servers.

“To avoid the technical restrictions built into WhatsApp Signaling Servers, Defendants formatted call initiation messages containing malicious code to appear like a legitimate call and concealed the code within call settings,” the 2019 lawsuit reads. “Disguising the malicious code as call settings enabled Defendants to deliver it to the Target Device and made the malicious code appear as if it originated from WhatsApp Signaling Servers.”

It is not yet known who the NSO Group may have been operating on behalf of. 

The NSO Group has steadfastly claimed that its operations are in any way illegal. It claimed as recently as December 2022 that its spyware is only used by “law enforcement and intelligence agencies of sovereign states and government agencies to legally overcome encryption challenges to address international threats of terrorism and other serious crimes”.

Despite this, in 2021, a range of 86 human rights groups co-signed a letter to the European Union to sanction the company for “violations or abuses of freedom of peaceful assembly and of association, or of freedom of opinion and expression”. 

In July of the same year, The Guardian published its own exposé of the NSO Group, claiming that many individuals targeted by Pegasus were not criminals, but rather journalists and human rights activists, among others.

When installed on a device, Pegasus can monitor phone calls and messages, as well as access a smartphone’s camera.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.