In a landmark decision, a U.S. federal jury has awarded WhatsApp over $167 million in damages against NSO Group, the Israeli firm behind the notorious Pegasus spyware. This verdict concludes a protracted legal battle initiated in October 2019, when WhatsApp accused NSO Group of exploiting a vulnerability in its audio-calling feature to hack more than 1,400 users. ([ft.com](https://www.ft.com/content/be26c503-b4e0-4ba5-a5ca-e9e75c351c46?utm_source=openai))
The Mechanics of the Attack
The attack was executed through a zero-click exploit, meaning the spyware could be installed without any user interaction. NSO Group developed a specialized WhatsApp Installation Server designed to send malicious messages that mimicked legitimate WhatsApp communications. Upon receipt, these messages triggered the target’s device to connect to a third server and download the Pegasus spyware. The only information required to initiate this attack was the target’s phone number.
NSO Group’s Operations and Clientele
During the trial, it was revealed that NSO Group had terminated contracts with ten government clients due to misuse of the Pegasus spyware. The company identified Mexico, Saudi Arabia, and Uzbekistan among its customers. Notably, NSO Group confirmed that it had targeted a U.S. phone number as part of a demonstration for the FBI, contradicting its previous claims that Pegasus could not be used against American numbers.
Legal and Industry Implications
This case sets a significant precedent in holding spyware developers accountable for their actions. The verdict underscores the judiciary’s stance against unauthorized surveillance and the exploitation of software vulnerabilities. Tech giants like Microsoft, Google, and Cisco have expressed support for WhatsApp’s position, emphasizing the dangers posed by such surveillance tools. ([theguardian.com](https://www.theguardian.com/us-news/2020/dec/22/nso-group-spyware-dangerous-say-tech-firms-in-legal-filing?utm_source=openai))
Global Impact and Response
The misuse of Pegasus has had far-reaching consequences, with reports indicating that the spyware was used to target journalists, activists, and political figures worldwide. In Mexico alone, 456 individuals were reportedly spied upon using Pegasus. In Spain, the software was utilized against the Prime Minister and several ministers. These revelations have prompted calls for stricter regulations and oversight of surveillance technologies. ([elpais.com](https://elpais.com/us/2025-05-07/la-empresa-propietaria-del-software-espia-pegasus-condenada-a-pagar-168-millones-de-dolares-a-meta.html?utm_source=openai))
WhatsApp’s Commitment to User Security
In response to the breach, WhatsApp has implemented enhanced security measures and reaffirmed its commitment to user privacy. The company has also emphasized the importance of end-to-end encryption and has taken steps to prevent similar exploits in the future. ([en.wikipedia.org](https://en.wikipedia.org/wiki/WhatsApp_snooping_scandal?utm_source=openai))
Conclusion
The legal victory for WhatsApp against NSO Group marks a pivotal moment in the ongoing battle for digital privacy and security. It highlights the need for vigilance against unauthorized surveillance and the exploitation of technological vulnerabilities. As the digital landscape continues to evolve, this case serves as a reminder of the importance of safeguarding user information and holding entities accountable for breaches of trust.
