A federal judge in Northern California has ruled against Israeli spyware company NSO Group in a landmark case involving the unauthorized hacking of WhatsApp users' devices.
The court found NSO Group violated both state and federal hacking laws when it exploited a vulnerability in WhatsApp's audio calling feature to install its Pegasus spyware on approximately 1,400 devices without user consent.
The ruling comes in response to a lawsuit filed by Meta-owned WhatsApp five years ago. According to court documents, NSO Group's actions directly violated WhatsApp's terms of service, which explicitly prohibit using the platform for malicious activities.
Judge Phyllis Hamilton noted that NSO Group did not deny reverse-engineering WhatsApp's software to deploy its spyware, though questions remained about the timing of these actions relative to accepting the service terms.
The victims of the hack included over 100 human rights advocates, journalists, civil society members, government officials, and diplomats. The spyware gave NSO Group unauthorized access to these users' devices and their personal information.
This verdict represents a major victory for WhatsApp and sets a precedent for holding spyware companies accountable for unauthorized surveillance activities through messaging platforms.
The case highlights growing concerns about commercial spyware and its potential misuse against journalists, activists, and other individuals worldwide.