Facebook tried to buy Pegasus to monitor iPhone users: NSO Group

The notoriously controversial Israeli security firm, the NSO Group, has released court documents that show Facebook tried to buy Pegasus, the spyware created by the group, in 2017. Pegasus can be used to jailbreak a device and load malware onto it.

How does Pegasus work?

Those being attacked just need to click on a “seemingly innocuous link” received through a message and that lets the spyware jailbreak the user’s device and load malware to monitor, and steal data from, it. This data is exported to the person (or organisation) who sent out the link, and in most cases it is sensitive data.

Data harvested from target devices include all messages, log-in information, photos and data concerning the entire history of the phone’s location.

NSO has said that it only sells its products to a “sovereign government or government agency”, however, according to the declaration made by NSO CEO Shalev Hulio, two Facebook representatives had approached them in October 2017 to purchase the right to use specific capabilities of Pegasus, Vice reported.

Facebook was allegedly interested in buying Pegasus since their own data-gathering software seemed less effective on Apple phones.

The Facebook software that was going to get these Pegasus capabilities was the Onavo Project that was billed as a piece of VPN software. Facebook used Onavo to gather information about other apps Facebook users were using on their smartphones.

“The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices,” the declaration by Hulio mentions.

“The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users,” Hulio added in the declaration.

According to court documents, Facebook representatives were seemingly not interested in “buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo”.

“The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users,” the court filing mentions.

According to the deal offered, Facebook had allegedly proposed to pay NSO a monthly fee for each Onavo Protect user, NSO maintains that they refused to sell Facebook the software since it was a private entity.

“Facebook is a private entity and not a sovereign government or government agency for national security and law enforcement purposes and therefore does not meet NSO’s customer criteria. NSO declined the sale and informed Facebook that NSO only licenses its Pegasus technology to governments,” the declaration adds.

Facebook’s Onavo Protect was pulled off the App Store in 2019 when Apple found the “VPN” app violated its newly implemented privacy policies. Specifically, Onavo Protect “ran afoul of data collection restrictions and parts of the iPhone maker’s developer agreement covering customer data usage”.

Apple said that Onavo Protect “used data for purposes not directly related to app functionality or for serving up advertising to users”.

“NSO is trying to distract from the facts Facebook and WhatsApp filed in court nearly six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook,” a Facebook spokesperson said in a statement.

Also Read: NSO Group hits back at Facebook in snooping case

NSO is currently being sued by Facebook for “exploiting a VoIP-related vulnerability in WhatsApp that allowed Pegasus to install spyware on both iOS and Android handsets remotely”.

In July last year, the NSO Group made news due to its government customers. It was discovered that Pegasus could extract far more data about any individual than what was previously known. It could also covertly retrieve all information stored on Apple, Google, Microsoft, Amazon and Facebook servers.

According to another Vice report, NSO has recently been working on another product that would “digest location data in an attempt to provide insights to potential spreading of the coronavirus, but privacy experts were highly cautious of the approach”.

NSO CEO Hulio, did not respond to a request for comment made by Vice. In an email, however, an NSO spokesperson said – “At this stage we are only releasing what is contained in the official court documents.”