Have you ever worried your phone conversations are being listened to? Pegasus spyware, developed by the Israeli NSO Group, can be installed remotely on iPhones and Androids. This spyware exploited the vulnerability CVE-2019-3568 in WhatsApp to gain access into your phone.
Some information about CVE-2019-3568:
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.
NSO Group has been ordered by a federal judge (Phyllis Hamilton) in California to share the SOURCE CODE for "all relevant spyware".
The US has sanctioned commercial spyware vendors like NSO Group, Intellexa and Cytrox. The US government has accepted these vendors as possible threats to their national security.
Spyware companies and other malicious actors need to understand they can be caught and will not be able to ignore the law.
https://bit.ly/48MhDtr
"The order from Judge Phyllis Hamilton at the end of last month stems from WhatsApp's 2019 lawsuit against NSO for allegedly spying on 1,400 WhatsApp users.
The spyware maker is accused of sending carefully crafted data over the internet to select people's phones that, via a vulnerability in the chat app's VoIP stack, allowed malicious code to silently run on those devices, code that in turn allowed victims' conversations and other sensitive information to be accessed remotely. NSO marketed this surveillance service to governments around the world.
Judge Hamilton's ruling covers Pegasus and other relevant NSO spyware during the period from April 29, 2018 to May 10, 2020..."
"During the period from January 2018 through May 2019, NSO Group allegedly created WhatsApp messaging accounts, set up a series of proxy and relay servers using cloud service providers, and used this infrastructure to send maliciously crafted network packets, via WhatsApp's systems, to mobile devices to exploit CVE-2019-3568."
"'Defendants caused their malicious code to be transmitted over WhatsApp servers in an effort to infect approximately 1,400 target devices,' WhatsApp's complaint claims. 'The target users included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.'"
"Since WhatsApp filed its lawsuit in 2019, pressure has been mounting to curtail the sale of sophisticated spyware. The US has sanctioned commercial spyware vendors like NSO Group, Intellexa, and Cytrox..."
"...However, Amnesty International contends that the software, among other harms, played a role in an infamous assassination. It notes that 'family members of Saudi journalist Jamal Khashoggi were targeted with Pegasus software before and after his murder in Istanbul on 2 October 2018 by Saudi operatives, despite repeated denials from NSO Group.'"
No comments:
Post a Comment