- The NSO Group has been ordered to pay Meta millions after a jury ruled it illegally used its Pegasus spyware to infiltrate WhatsApp and spy on over 1,000 users.
- The case has brought new attention to how Pegasus operates, revealing its ability to access smartphones covertly.
- Although Meta celebrated the ruling as a milestone for privacy protection, it acknowledged that the spyware remained a real issue for global companies.
A California jury has ordered Israel’s NSO Group to pay $168 million in damages for hacking into WhatsApp servers and targeting Meta users with its Pegasus spyware.
The verdict marks the end of a six-year legal battle and a significant victory for Meta in the fight against commercial spyware.
Landmark Ruling
On Tuesday, May 6, the jury awarded Meta $444,719 in compensatory damages and an additional $167.3 million in punitive damages.
The ruling stems from NSO Group’s unauthorized use of its Pegasus spyware, which exploited a critical vulnerability in WhatsApp in 2019, affecting over 1,000 users.
NSO Group, an Israeli technology firm, is best known for creating Pegasus, a powerful surveillance tool capable of covertly accessing smartphones.
While the company claims it sells the software exclusively to government agencies for counterterrorism and law enforcement purposes, it has faced international criticism for its alleged role in facilitating human rights abuses.
Meta Celebrates Victory Against NSO
“Today’s verdict in the WhatsApp case is a major step forward for privacy and security,” Meta said in a blog post.
“This marks the first successful legal action against the development and use of illegal spyware that threatens people’s safety and privacy.” Meta added.
The case has shed new light on the inner workings of Pegasus, according to Meta.
Detailing the case in its blog post, Meta explained how the spyware secretly compromises mobile phones, enabling remote access to messages, apps, cameras, and microphones without the user’s knowledge or consent.
“Put simply, NSO’s Pegasus works to covertly compromise people’s phones with spyware capable of hoovering up information from any app installed on the device,” Meta wrote.
WhatsApp Vulnerability Exploited
The lawsuit originated in 2019 when Meta discovered that NSO Group had exploited a vulnerability in WhatsApp to install spyware on user devices.
The breach affected approximately 1,400 users, including journalists, activists, and government officials.
In a December 2024 ruling, District Judge Phyllis Hamilton determined that NSO Group was liable for the breach.
Meta emphasized that WhatsApp was not the only platform targeted by NSO Group.
The company alleged that NSO had developed multiple methods to install spyware, including through instant messaging apps, web browsers, and mobile operating systems.
“NSO admitted to spending tens of millions of dollars annually to develop these spyware delivery methods,” Meta stated. “Pegasus remains capable of compromising both iOS and Android devices.”
Ongoing Secrecy
Meta stated that the ruling sent a strong message that “illegal actions by spyware firms against American technologies will not be tolerated.”
However, the company said that there was still a “long road ahead” before it reaches full justice. The Facebook owner claimed its next step is to secure a court order to prevent NSO from ever targeting WhatsApp again.
Despite the legal victory, many aspects of NSO Group’s operations remain hidden.
According to a 2024 report by The Guardian , Israeli officials confiscated documents from NSO to prevent them from being presented in U.S. courts.
In her December ruling, Judge Hamilton stated that the whole case “is shrouded in so much secrecy” and claimed “there’s so much that’s not known.”
