Recently released legal documents have exposed how NSO Group, an Israeli spyware company, repeatedly exploited WhatsApp to deliver its Pegasus surveillance software, even after facing legal action from Meta.
Key Findings:
1. Multiple Attack Vectors:
– NSO Group developed several exploitation methods (collectively called Hummingbird)
– Notable vectors included Heaven, Eden, and Erised
– The Erised vector continued operating even after WhatsApp’s 2019 lawsuit
2. Technical Details:
– Exploited WhatsApp’s video calling system
– Used zero-click attacks requiring no user interaction
– Leveraged critical buffer overflow vulnerability (CVE-2019-3568)
– Affected hundreds to thousands of devices
3. Operation Method:
– NSO Group reverse-engineered WhatsApp’s code
– Created custom “WhatsApp Installation Server” (WIS)
– Sent malformed messages through WhatsApp servers
– Controlled entire installation process, contrary to previous claims
Recent Developments:
– Apple voluntarily dismissed its separate lawsuit against NSO Group
– New security features introduced by Apple:
  * Lockdown Mode for enhanced protection
  * iOS 18.2 beta includes a 72-hour inactivity reboot feature, which requires password re-entry after the automatic reboot
The revelations highlight ongoing concerns about commercial spyware and its impact on user privacy, despite NSO Group’s claims that Pegasus is intended solely for combating serious crime and terrorism.