For all of us who have worked on or contributed to WhatsApp’s fight against NSO Group, today’s ruling against NSO comes as a surprise and a precedent to other mercenary spyware providers operating today. According to the Guardian’s summary of the Order:
“Ultimately, however, she sided with WhatsApp in ordering the company to produce “all relevant spyware” for a period of one year before and after the two weeks in which WhatsApp users were allegedly attacked: from 29 April 2018 to 10 May 2020. NSO must also give WhatsApp information “concerning the full functionality of the relevant spyware”.”
WOW. What a precedent. Producing “all relevant spyware” for the year before and after the attack means that the vulnerabilities in question will be clearly understood by WhatsApp and the company can remediate them fully. That renders those vulns moot, along with any other vulns found in the code (as I have confidence that Meta will notify others of vulns they uncover).
This is a great precedent in the fight against spyware. I can’t wait to read the opinion. Let’s keep fighting the good fight.
Court orders maker of Pegasus spyware to hand over code to WhatsApp | WhatsApp | The Guardian
