Facebook allegedly tried to buy Pegasus exploit to spy on iOS users

Updated on 04-Apr-2020
HIGHLIGHTS

Pegasus exploit can be installed remotely on target devices

The exploit can silently collect all information from target device and upload to predetermined server

User never comes to know their phone has been hacked

The very mention of Facebook in today’s times brings up unsettling thoughts. It’s a company that’s built on taking user information and using it through various means to make a profit. Sometimes, the means with which Facebook carries out these activities are questionable, and sometimes, just downright breach of trust. One such attempt was allegedly made by Facebook back in 2017 when they tried to buy the Pegasus spyware from NSO in order to better collect data from the phones of iOS users.

NSO representatives have alleged in a recent court filing that two Facebook representatives approached the security agency with the intent to purchase the Pegasus exploit. For those who are not aware, Pegasus is a tool developed by NSO that can be remotely installed on target iOS devices. Once installed, the iPhone is jailbroken, followed by malware being installed on the device. Then, the malware will collect all the data it can and send the information off to a predetermined person. You may remember Jeff Bezos’ phone being hacked recently through a video received on WhatsApp. That was the Pegasus exploit in action. However, the two Facebook executives wanted to use the exploit in a slightly different manner. According to the filing, they wanted to use the exploit to better gather data from iOS devices since their own solution wasn’t doing a good enough job.

The solution that the filing talks about is the Onavo Protect app that Facebook had launched earlier that year (2017) in the guide of a VPN. It was later discovered that Onavo was not the benevolent VPN app, but instead was being used by Facebook top snoop on what other apps iOS users were using. The court filing reads that “The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and was willing to pay for the ability to monitor Onavo Protect users." NSO claims they did not go ahead with the deal because they only sell the Pegasus exploit to governments and law enforcement agencies tasked with national security, neither of which fit Facebook.

NSO and Facebook are currently entrenched in a legal battle, with the lawsuit being brought by Facebook against NSO. The social media giant has taken NSO to court over the exploitation of a VoIP vulnerability in WhatsApp, that allowed Pegasus to install spyware on iOS and Android devices.

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech.

Connect On :