In a significant legal victory, WhatsApp has prevailed against Israeli spyware company NSO Group in a California federal court case concerning the unauthorized deployment of Pegasus spyware. Judge Phyllis J. Hamilton ruled that NSO Group exploited WhatsApp’s servers in California 43 times during May 2019 to deliver their surveillance software.
The court criticized NSO Group for failing to comply with discovery orders, particularly their refusal to provide complete Pegasus source code access, limiting it to only AWS server-related code and restricting access to Israeli citizens within Israel.
Key Findings:
– NSO Group was found liable for breaching WhatsApp’s terms of service
– The company violated platform rules prohibiting malicious activities and reverse engineering
– Evidence showed continued Pegasus deployment through WhatsApp until May 2020
– The spyware exploited a critical vulnerability (CVE-2019-3568) in WhatsApp’s voice calling feature
While NSO Group maintains their technology is designed for legitimate law enforcement and anti-terrorism purposes, numerous reports have documented its misuse by governments worldwide to target activists, journalists, and politicians.
The case will now proceed to determine damages. WhatsApp’s head, Will Cathcart, celebrated the ruling as a “huge win for privacy” after their five-year legal battle. This verdict comes as tech companies, including Apple, continue to implement enhanced security measures against commercial spyware threats.