Key Takeaways from the WhatsApp vs. NSO Group Spyware Lawsuit: 5 Essential Insights

In a significant legal development, WhatsApp has achieved a major victory over the NSO Group, a notorious spyware manufacturer, with a jury ruling that the company must pay over $167 million in damages. This landmark decision comes after a prolonged legal battle that began in October 2019, when WhatsApp accused NSO Group of exploiting a vulnerability in its audio-calling feature to hack over 1,400 users.

Details of the Case Against NSO Group

The jury’s verdict followed a week-long trial that showcased various testimonies, including those from NSO Group’s CEO Yaron Shohat and WhatsApp employees involved in the investigation. Key findings during the trial include:

  • NSO Group had terminated contracts with 10 government clients for misusing its Pegasus spyware.
  • Details emerged about the locations of 1,223 victims affected by the spyware.
  • Identities of some NSO clients were revealed, including Mexico, Saudi Arabia, and Uzbekistan.

TechCrunch has been closely following the trial and will continue to provide updates as more information comes to light from the extensive trial transcripts.

The Mechanics of the WhatsApp Attack

During the trial, WhatsApp’s attorney Antonio Perez explained how the zero-click attack functioned. This method required no interaction from the target and was executed by:

  1. Placing a fake WhatsApp phone call to the victim.
  2. Using a specially designed machine, termed the “WhatsApp Installation Server,” to send malicious messages that mimicked legitimate communications.
  3. Once the target received these messages, their phone would connect to a third-party server and download the Pegasus spyware. The attack needed only the victim’s phone number.

NSO Group’s VP of R&D, Tamir Gazneli, emphasized that achieving any zero-click solution is a significant milestone for their Pegasus software.

Revelations About Targeting American Phone Numbers

For years, NSO Group maintained that its spyware could not target American numbers, specifically those starting with the +1 country code. However, reports from The New York Times in 2022 revealed that the company had indeed targeted a U.S. phone number as part of a test for the FBI. NSO’s attorney, Joe Akrotirianakis, confirmed this was a “special exception” made for demonstration purposes.

Understanding NSO Group’s Client Usage of Pegasus

CEO Yaron Shohat explained that the user interface for Pegasus does not allow government clients to choose specific hacking methods. Instead, the system automatically selects the best exploit for each target, ensuring that clients receive the intelligence they require.

Intriguing Coincidence: NSO Group’s Headquarters

Interestingly, NSO Group’s headquarters in Herzliya, Israel, shares a building with Apple. NSO occupies the top five floors, while Apple utilizes the remaining floors, highlighting the irony that NSO’s spyware frequently targets Apple’s iPhone users.

Continued Targeting of WhatsApp Users

Despite the ongoing legal proceedings initiated by WhatsApp in November 2019, NSO Group continued its operations against WhatsApp users. Gazneli disclosed that a version of the zero-click vector, codenamed “Erised,” was active from late 2019 to May 2020, alongside other variants known as “Eden” and “Heaven,” collectively referred to as “Hummingbird.”
