A group of businesses have submitted a supporting legal document, known as an amicus brief, in the lawsuit initiated by WhatsApp against the Israeli technology firm NSO Group. The claim alleges that NSO Group utilized a previously unknown security flaw within the messaging application to compromise a minimum of 1,400 devices, with some of those affected being journalists and advocates for human rights.

NSO Group specializes in the creation and distribution of its Pegasus spyware to governmental entities, granting these nations the capability to secretly target and infiltrate the devices of individuals. This type of spyware, such as Pegasus, can monitor a person’s whereabouts, access their communications – including messages and calls – acquire their photos and data, and extract confidential information from their device. Installation often occurs through deceptive links or by leveraging undiscovered weaknesses in applications or mobile phones to infect devices without the user’s knowledge. The company has faced criticism for providing its services to governments with questionable human rights records, including Saudi Arabia, Ethiopia, and the United Arab Emirates.

The previous year, WhatsApp identified and resolved a vulnerability that was reportedly being exploited to deploy the sophisticated spyware, sometimes without the awareness of those targeted. Subsequently, WhatsApp filed a legal action against NSO Group to gain a clearer understanding of the situation, specifically to determine which governmental client was responsible for the attack.

NSO Group has consistently denied the accusations, but earlier this year, it failed to persuade a U.S. court to dismiss the case. The core of NSO’s legal argument centers on the assertion that it is protected by legal immunities due to its work on behalf of governments.

However, a coalition of technology companies has aligned with WhatsApp, now requesting the court to prevent NSO Group from asserting or benefiting from any such immunity.

Microsoft (encompassing LinkedIn and GitHub), Google, Cisco, VMware, and the Internet Association – representing numerous major tech companies like Amazon, Facebook, and Twitter – cautioned that the development of spyware and surveillance technologies, including the accumulation of vulnerabilities used to deploy them, compromises the safety and security of the general public and creates the potential for these tools to be misused.

In a statement on their blog, Tom Burt, Microsoft’s head of customer security and trust, emphasized that NSO Group should be held responsible for the tools it creates and the vulnerabilities it exploits.

“Technology companies should be legally accountable when their cyber-surveillance tools are used to violate the law, or when they knowingly allow such use, irrespective of their clientele or objectives,” Burt stated. “We believe that joining forces with our competitors through this amicus brief will contribute to the protection of our shared customers and the broader global digital environment from indiscriminate attacks.”

A representative from NSO Group has not yet provided a response.