7 Key Insights from the WhatsApp vs. NSO Group Spyware Lawsuit: What You Need to Know

In a significant legal victory for WhatsApp, a jury has ordered the notorious NSO Group to pay over $167 million in damages. This ruling marks the end of a protracted legal battle that began in October 2019, when WhatsApp accused the spyware manufacturer of hacking more than 1,400 of its users by exploiting a vulnerability in the app’s audio-calling feature.

Details of the Jury Verdict

The verdict was delivered after a week-long trial that included testimonies from key figures such as NSO Group’s CEO, Yaron Shohat, and various WhatsApp employees involved in investigating the cyberattack. The case unearthed startling revelations, such as the company’s decision to cut ties with 10 government customers for misusing its Pegasus spyware.

Key Revelations from the Trial

• NSO Group’s spyware targeted individuals in countries like Mexico, Saudi Arabia, and Uzbekistan.
• Testimonies revealed how a sophisticated zero-click attack worked by initiating a fake WhatsApp call.
• NSO Group’s interface does not allow customers to choose their hacking methods, focusing solely on intelligence gathering.

Understanding the Zero-Click Attack

During the trial, WhatsApp’s lawyer, Antonio Perez, detailed how the zero-click attack functioned. This type of attack required no interaction from the victims:

• The attack began with a fake WhatsApp call.
• This triggered the victim’s phone to download the Pegasus spyware from a third-party server.
• The only requirement for the attack to succeed was the target’s phone number.

NSO Group’s Targeting of U.S. Phone Numbers

Despite NSO Group’s previous claims that its spyware could not target American phone numbers, it was revealed that the company conducted tests on a U.S. number for the FBI. This was confirmed by NSO’s lawyer, Joe Akrotirianakis, who stated it was a specially configured version of Pegasus.

Government Usage of Pegasus

NSO Group’s CEO explained that the Pegasus user interface does not allow clients to select specific hacking techniques. Instead, the system autonomously determines the most effective exploit for each target.

Interesting Facts About NSO Group

In an ironic twist, NSO Group operates its headquarters in the same building as Apple, a company often targeted by its spyware. Shohat humorously noted that both companies share the same elevator.

Controversial Practices Post-Lawsuit

Despite the ongoing lawsuit, NSO Group continued its operations targeting WhatsApp users. Testimonies revealed that various versions of the zero-click exploit were active even after legal proceedings began.

Financial Challenges Faced by NSO Group

During the trial, Shohat disclosed the company’s precarious financial situation, stating that NSO Group had incurred losses of $9 million in 2023 and $12 million in 2024. Currently, the company struggles to maintain its financial commitments, burning through approximately $10 million monthly.

For more insights into the evolving landscape of cybersecurity and spyware, visit TechCrunch for updates.

Stay tuned for further developments as we continue to monitor this case and its implications on digital privacy and security.