A hot potato: Facebook sued spyware firm NSO Group in October 2019 for enabling a precisely-targeted attack on several WhatsApp users by means of fake servers and explointing a VoIP-related vulnerability in WhatsApp. Now NSO says Facebook tried to buy its Pegasus spyware tool long before caring for its users getting hacked.
An ongoing court battle has surfaced an interesting piece of information that, if proven true, could result in another scar on Facebook’s public image.
Back in October 2019, Facebook sued Israeli firm NSO group for allegedly facilitating a hack on several high-profile WhatsApp users on behalf of unnamed government clients. This involved a sophisticated attack that used fake WhatsApp servers in order to make the target devices easier to breach.
NSO is known for licensing its infamous Pegasus spyware tool to whomever wants the ability to steal data from your Microsoft, Apple, Google, and Facebook accounts, not to mention everything that’s stored on your phone.
Court documents filed this week and spotted by Vice have revealed that Facebook representatives approached NSO in 2017 with the intention of using their software on iPhone and iPad users.
Interestingly, the social giant had very little interest in using it as hacking tool, but was exploring the idea of harnessing it to effectively monitor iOS users, which is notoriously more difficult than targeting Android users. The proposed deal would have had Facebook pay a fee for every user it would be able to track through Pegasus.
According to court filings, Facebook at the time was “concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices.” NSO CEO Shalev Hulio refused to license Pegasus for that purpose, so Facebook went ahead and launched Onavo without that functionality.
Of course, even without Pegasus to give it superpowers, Onavo was built as a VPN that secured your internet activity and made it obscure for everyone but Facebook. This eventually led to its removal on both Apple’s App Store and Google’s Play Store.
As for NSO, the company says it chose not to sell Pegasus to Facebook as the latter “is a private entity and not a sovereign government or government agency for national security and law enforcement purposes and therefore does not meet NSO’s customer criteria.”
In the meantime, Facebook made not one but two apps to collect data on you and pay for it upfront. One is called Study from Facebook and looks at how you use apps, and the other is Viewpoints, which pays you to take short surveys.