A researcher at Swedish telecom and cybersecurity firm Enea has unearthed a previously unknown tactic that Israel's NSO Group has made available for use in campaigns to drop its notorious Pegasus mobile spyware tool on mobile devices belonging to targeted individuals worldwide.
The researcher discovered the technique when looking into an entry entitled "MMS Fingerprint" on a contract between an NSO Group reseller and Ghana's telecom regulator.
The contract was part of publicly available court documents associated with a 2019 lawsuit involving WhatsApp and the NSO Group, over the latter's exploitation of a WhatsApp flaw to deploy Pegasus on devices belonging to journalists,
human rights activists, lawyers, and others globally.
The contract described MMS Fingerprint as something that an NSO customer could use to obtain details about a target BlackBerry, Android, or iOS device and its operating system version, simply by sending a Multimedia Messaging Service (MMS) message to it.
"No user interaction, engagement, or message opening is required to receive the device fingerprint," the contract noted.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
