WhatsApp Wins $167 Million in NSO Group Spyware Lawsuit
WhatsApp achieved a significant victory against NSO Group, with a jury awarding Meta's messaging platform over $167 million in damages. This verdict concludes a five-year legal battle initiated in 2019 when WhatsApp accused NSO Group of exploiting a vulnerability in its audio-calling feature to hack over 1,400 users.
How the WhatsApp Attack Worked
The attack employed a zero-click exploit, requiring no user interaction. NSO Group used a "WhatsApp Installation Server" to send malicious messages mimicking legitimate ones. These messages triggered the target's phone to download Pegasus spyware simply by knowing the user's phone number.
Any zero-click solution whatsoever is a significant milestone for Pegasus.
- Tamir Gazneli, NSO Group's R&D Vice President
Key Revelations from the Trial
- Targeting American Phone Number: NSO Group confirmed testing Pegasus on a U.S. phone number for the FBI.
- Pegasus Use by Governments: NSO's CEO explained that Pegasus automatically selects the hacking technique, leaving the choice out of the government clients' hands.
- Shared Headquarters: NSO Group's headquarters shares a building with Apple in Herzliya, Israel.
- Continued Targeting After Lawsuit: NSO Group admitted to continuing attacks on WhatsApp users even after the lawsuit was filed.
- NSO Group's Finances: Testimony revealed NSO Group's financial struggles, with losses exceeding revenue and limited cash reserves.
NSO Group's Dire Financial Situation
NSO Group's CEO, Yaron Shohat, testified about the company's financial difficulties. The company reported significant losses and dwindling cash reserves, claiming an inability to pay substantial damages.
This case highlights the growing threat of sophisticated spyware and its potential impact on individuals and organizations. The verdict sends a strong message about the legal consequences of developing and deploying such technology.
