By Zainab Iwayemi
A coalition of companies comprising Google, Microsoft, Cisco, VMware, in support of a legal case brought by WhatsApp against Israeli intelligence firm, NSO Group, accusing the company of using an undisclosed vulnerability in the messaging app to hack into about 1,400 devices, some of which were owned by journalists and human rights activists, has taken side with WhatsApp, and is asking the court to not allow NSO to claim or be subject to immunity.
The Israeli company develops and sells governments access to its Pegasus spyware, which gives room for its nation-state customers to target and also hacks into the devices of its targets. Hence, allowing the spyware to track a victim’s location, and hack into their privacy.
The previous year had seen WhatsApp patch vulnerability that it said was being abused to deliver the government-grade spyware, even when the victim is unaware. Months later, NSO was sued by WhatsApp to give insight on the incident, and the government customers that were behind the attack.
NSO was not able to convince a U.S. court to drop the case earlier this year as it has continually denied the allegation. Its confidence being that it is afforded legal immunities because it acts on behalf of governments.
Users fall victim by getting played into opening a malicious link or links that are disguised to help in exploiting new vulnerabilities – in apps or phones – in other to silently infect the victims with the spyware. Similarly, the tactic gives access to read messages and listen to calls, steal photos and files and siphon off private information from devices. Hence, the company has drawn wrath for selling to authoritarian regimes, such as Saudi Arabia, Ethiopia and the United Arab Emirates.
Microsoft – alongside its subsidiaries, LinkedIn and GitHub – Google, Cisco, VMware and the Internet Association, which represents dozens of tech giants, including Amazon, Facebook and Twitter, has warned that the development of spyware and espionage tools (including hoarding the vulnerabilities used to deliver them) make ordinary people less safe and secure, and also runs the risk of these tools falling into the wrong hands.
Tom Burt, Microsoft’s customer security and trust chief said. “Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve
“We hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem from more indiscriminate attacks,” Burt stressed.
