On Tuesday, WhatsApp achieved a significant legal victory against NSO Group, the notorious spyware company, which has been ordered to pay over $167 million in damages. This decision marks the conclusion of a protracted legal battle that began in October 2019, when WhatsApp accused NSO Group of exploiting a vulnerability in its audio-calling feature to hack into more than 1,400 users.
The verdict was reached after a week-long jury trial that included testimonies from both WhatsApp employees and NSO Group’s CEO, Yaron Shohat. Notably, the trial revealed that NSO Group had ceased contracts with ten government clients due to misuse of its Pegasus spyware. The identities of three clients—Mexico, Saudi Arabia, and Uzbekistan—also came to light, alongside the locations of 1,223 victims targeted by the spyware.
During the trial, WhatsApp’s lawyer explained how the zero-click attack functioned: it involved sending a deceptive WhatsApp call to the victim, which then triggered the installation of Pegasus without the target’s interaction. NSO’s vice president of research and development confirmed that any advancement in a zero-click capability was a significant achievement for Pegasus.
Another noteworthy aspect discussed in the trial was NSO Group’s prior claim that its spyware could not target US phone numbers. However, it was revealed that they had indeed targeted an American number as part of a demonstration for the FBI, a fact confirmed by NSO’s lawyer. The FBI later opted not to deploy the spyware.
Moreover, NSO’s CEO disclosed that their clients do not have the ability to choose their hacking methods, as the Pegasus system automatically selects the most appropriate exploit for each targeted individual. In an interesting coincidence, NSO Group’s headquarters shares a building with Apple in Herzliya, Israel, raising concerns given that Apple’s products are frequently targeted by Pegasus.
In a disturbing revelation, NSO Group admitted to continuing its targeting of WhatsApp users even after the lawsuit commenced. One tactic, referred to as “Erised,” was reportedly active from late 2019 until May 2020, alongside other methods known as “Eden” and “Heaven.” Collectively, these were termed “Hummingbird.”
The evidence heightened concerns over the misuse of spyware and its implications for privacy, raising critical questions about accountability in the technology sector. WhatsApp’s victory in court not only affirms its commitment to user security but also highlights the broader battle against unlawful surveillance practices by companies like NSO Group.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
