Takardun shari'a da aka fitar a zaman wani bangare na takaddamar shari'a da ke gudana tsakanin kamfanin Meta wato WhatsApp da NSO Group sun bayyana cewa mai siyar da kayan leken asiri na Isra'ila ya yi amfani da abubuwa da yawa da suka shafi manhajar aika saƙon don isar da Pegasus, ciki har da ɗaya ko da bayan Meta sun kai ƙarar yin hakan.
Mene ne Pegasus? A shekarar data gabata ne mukai rubutu game da wannan manhajar wadda ake amfani da ita don leken asiri. karanta wannan rubutun anan: Pegasus Spyware (Manhajar satar bayanan sirri)
Sun kuma nuna cewa kungiyar NSO ta sake gano hanyoyin shigar da kayan aikin sa ido da satar bayanai kan na'urorin da aka yi niyya yayin da WhatsApp ke kafa sabbin hanyoyin kariya don dakile barazanar.
A watan Mayun 2019, WhatsApp sun ce sun toshe wani babban hari ta yanar gizo wanda aka yi amfani da tsarin kiran bidiyo wato (video call) don sadar da Pegasus malware a cikin sirri. Harin ya yi amfani da aibi na Zero-day wanda akayi ma lakabi da CVE-2019-3568 (CVSS maki: 9.8), babban vulnerability na buffer overflow a cikin ayyukan kiran murya na Whatsapp.
Takardun yanzu sun nuna cewa NSO Group "sun haɓaka wani vector na shigarwa (wanda aka sani da Erised) wanda kuma yayi amfani da Servers na WhatsApp don shigar da Pegasus." Ita wannan kafar da za'a iya shiga wayar mutum ba tare da ya danna komai ba (zero-click) wanda zai iya lalata wayar wanda ake son kaima hari ba tare da wani mu'amala daga wanda wanda ake son kaima hari ba (ma'ana ba sai ya danna komai a cikin wayar sa ba) - an kawar da shi wani lokaci bayan Mayu 2020, wanda ke nuna cewa an yi amfani da shi duk da bayan WhatsApp sun shigar da karar a cikin Oktoba 2019.
“[NSO Group] sun yarda cewa sun kirkiri wadancan abubuwan ne ta hanyar cirewa da kuma lalata code na WhatsApp, canza WhatsApp app zuwa asalin code din da aka hada whatsapp (reverser-engineering), da kuma yin amfani da nasu 'WhatsApp Installation Server' (ko 'WIS') don aika saÆ™on da ba daidai ba (wanda ke amfani da WhatsApp ba zai iya aikawa ba) ta hanyar servers din WhatsApp kuma ta haka ne suka samu damar shigar da Pegasus kayan leken asiri - duk da sun saba wa dokar tarayya da ta jiha da kuma bayyanannen SharuÉ—É—an Sabis na WhatsApp," a cewar takaddun kotun da ba a rufe ba.
Musamman, Heaven da Eden sunyi amfani da saƙon da aka sarrafa don tilasta server ta siginar WhatsApp - waɗanda ake amfani da su don tantance abokin ciniki (manhajar da aka sauke) - don jagorantar na'urori masu niyya zuwa server relay na third-party relay wanda ƙungiyar NSO ke sarrafawa.
Sabunta tsaro a gefen server da WhatsApp suka yi a karshen shekarar 2018 ya sa kamfanin ya kirkiro wani sabon exploit - mai suna Eden - a watan Fabrairun 2019 wanda ya kawar da bukatar uwar garken Relay na Kamfanin NSO Group don tallafawa relays da WhatsApp ke sarrafawa.
"NSO ta ki bayyana ko ta ci gaba da inganta Malware Vectors na WhatsApp bayan 10 ga Mayu, 2020," a daya daga cikin takardun. "NSO kuma ta yarda cewa an yi amfani da vectors na malware din don samun nasarar shigar da Pegasus akan 'tsakanin daruruwan da dubun dubatar' na'urori."
Bugu da ƙari, fayilolin suna ba da kallon bayan fage na yadda aka sanya Pegasus akan na'urar da aka yi niyya ta amfani da WhatsApp, da kuma yadda ƙungiyar NSO, ba abokan ciniki ba, ke sarrafa kayan leƙen asiri, wanda ya sabawa da'awar farko daga kamfanin Isra'ila.
"Matsayin abokan cinikin NSO kadan ne," in ji takardun. "Abokin ciniki kawai yana buƙatar shigar da lambar na'urar da aka yi niyya sannan ya 'latsa install, kuma Pegasus zai shigar da manhajar akan na'urar ba tare da wani haɗin gwiwa ba.' A wasu kalmomin, abokin ciniki kawai yana ba da oda don bayanan na'urar da aka yi niyya, kuma NSO tana sarrafa kowane bangare na tsarin dawo da bayanan da isar da saƙo ta hanyar ƙirar Pegasus."
Tohm masu karatu a daidai wannan lokacin, me kuke tunani idan har kungiyar NSO ta fara yin kan me uwa jawabi ta hanyar turoma da mutane masu amfani da whatsapp a fadin duniya??
Shin me ne ne mafita??