With almost everything is connected to the internet, it seems to be no end to vulnerabilities waiting to be discovered.
And here, an Israeli spyware called the 'Pegasus' from the firm NSO Group, is thought to be able to gather data from Apple’s devices and cloud storage, as well as Google Android phones, and third-party apps installed on the phone that communicate over “encrypted and secure” connections.
It was first discovered that back in 2019, this Israeli spyware was capable of mining data from almost any devices and apps. Months later, WhatsApp said that it patched a bug that allowed this spyware to spy on its users.
The in October 2019, Facebook sued NSO Group, accusing the firm for enabling a precisely-targeted attack on several WhatsApp users by means of using fake servers and exploiting a VoIP-related vulnerability in WhatsApp.
In a court battle, NSO fights back.
First, NSO CEO Shalev Hulio admitted that Pegasus can attack devices without a user knowing and he can see who has been targeted with Pegasus. But NSO reckons Facebook's accusations are baseless because it only sells its software to government departments and agencies, and does not operate the tools itself.
What NSO was trying to say is that, the company didn't hack anyone, and it cannot be held accountable for the actions of its customers.
NSO also noted it only deals with governments allowed under Israeli export laws.
Second, NSO also said that Facebook had once tried to buy its Pegasus spying tool, in a bid to snoop on its own social-media users, long before concerning for its users getting hacked.
The filed court documents (PDF) revealed that Facebook representatives approached NSO in 2017 with the intention of using their software on iPhone and iPad users.
At the time, it was said that the social giant had very little interest in using Pegasus as a hacking tool. Instead, the company wanted to explore the idea of Pegasus in effectively monitor iOS users.
Apple has long been a hardcore advocate of privacy, and has tried to deliver just that for its iOS users. This made it practically more difficult for anyone wanting to spy, hack or steal anything from an iPhone or iPad, if compared to Android phones.
According to the doruments, the proposed deal would have had Facebook pay a fee for every user it would be able to track through Pegasus.
Its purpose for using Pegasus, was because Facebook was "concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices."
NSO's CEO Shalev Hulio refused to license Pegasus for that purpose.
The company said that it didn't sell Pegasus to Facebook, as the latter "is a private entity and not a sovereign government or government agency for national security and law enforcement purposes and therefore does not meet NSO's customer criteria."
Declined and unhappy, Facebook continued with its Onavo project without the iOS spying capabilities.
But even without NSO's Pegasus, Onavo was built as a properly built VPN, but with security that is obscured from everyone but Facebook.
This eventually led to the app's removal on both Apple's App Store and Google's Play Store.
In the meantime, Facebook made not one but two apps to collect data on you and pay for it upfront. One of which, is an app called Study from Facebook and looks at how users use apps.