NSO Group, the team behind the 2019 WhatsApp spyware attack, says Facebook proposed buying “Pegasus” software to better keep tabs on iOS users’ activity.
Notoriously controversial NSO Group have released court documents that show Facebook had attempted to purchase a powerful piece of spyware known as Pegasus. Using Pegasus, after a user clicked a seemingly innocuous link received through a message, the target device would be jailbroken, and malware would be loaded to monitor and steal data. The data is exported, giving users —or Facebook in this case —access to sensitive user data.
Data harvested includes all messages and photos, login information, plus data concerning the entire history of the phone’s location.
Allegedly, NSO only sells its products to a “sovereign government or government agency.” But, according to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use specific capabilities of Pegasus, reports Vice
Facebook was interested in buying Pegasus as they were concerned that their own data-gathering software seemed less effective on Apple devices. Facebook’s software that was going to get the functionality, Onavo Protect, was billed as a piece of VPN software. Onavo was used primarily to gather information about what other apps Facebook users were using on their mobile devices.
“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the court filing reads. “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users.”
Facebook had allegedly proposed to pay NSO a monthly fee for each Onavo Protect user. However, NSO maintains that they refused the sale on the grounds that Facebook is a private entity.
Onavo Protect was eventually forced off the App Store in 2019 when Apple found the app in violation of newly implemented privacy policies. Specifically, the software ran afoul of data collection restrictions and parts of the iPhone maker’s developer agreement covering customer data usage.
Apple said Onavo Protect used data for purposes not directly related to app functionality or for serving up advertising to users.
Facebook is currently suing NSO for exploiting a VoIP-related vulnerability in WhatsApp that allowed Pegasus to install spyware on both iOS and Android handsets remotely.
In July, NSO made the news circuit for its government customers that its Pegasus malware could extract far more data about any given individual. As well as data on the person’s smartphone, the claim is that the group can covertly retrieve all of the information that a person has stored on servers owned by Apple, Google, Microsoft, Facebook, and Amazon.