A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated state and federal hacking laws by exploiting WhatsApp to install its Pegasus spyware on devices. The ruling, delivered by Judge Phyllis Hamilton in Northern California, found NSO liable for targeting 1,400 WhatsApp users, including human rights defenders, journalists, and diplomats. The decision comes nearly five years after WhatsApp, owned by Meta, sued NSO, alleging the spyware exploited a vulnerability in the app’s audio-calling feature. The court determined that NSO breached WhatsApp’s terms of service, which explicitly forbid malicious use of the platform. Judge Hamilton highlighted that NSO failed to provide any plausible explanation for its activities without accessing WhatsApp’s systems.
The court also criticized NSO’s lack of transparency, noting repeated failures to comply with discovery orders, including the refusal to disclose the Pegasus source code and internal communications about WhatsApp vulnerabilities. Meta spokesperson Emily Westcott welcomed the decision, emphasizing that it holds spyware companies accountable. Will Cathcart, Head of WhatsApp, hailed the ruling as a “huge win for privacy.” The case now advances to trial in March 2025, where a jury will determine the damages NSO must pay WhatsApp. NSO has declined to comment, maintaining its stance that Pegasus is used to combat crime and safeguard national security.
