Ethical Hacking News
NSO Group has been found liable for damages related to its exploitation of a zero-day vulnerability in WhatsApp, resulting in a $168 million verdict awarded to Meta. The case highlights the need for greater regulation and oversight in the tech industry as companies like NSO Group continue to push the boundaries of cybersecurity.
A $168 million verdict was awarded to Meta for NSO Group's exploitation of a zero-day vulnerability in WhatsApp. NSO Group sold spyware, Pegasus, to governments around the globe, allowing them to snoop on users' communications. Pegasus compromised over 1,400 WhatsApp accounts and allowed its operator to access device data, location, phone records, emails, messages, and video. Meta filed a lawsuit against NSO Group in October 2019, alleging the company's exploitation of the zero-day vulnerability. The verdict holds NSO Group liable for damages related to the exploitation of the zero-day vulnerability. The fine is nearly three times NSO Group's annual research and development budget, according to Meta's estimates.
The world of cybersecurity has witnessed its fair share of controversies and scandals over the years, but none as egregious as the case of NSO Group, a company accused of selling spyware to governments around the globe. The latest development in this saga is a $168 million verdict awarded to Meta, the parent company of WhatsApp, for the Israeli surveillanceware maker's role in exploiting a flaw in the popular messaging app to snoop on users' communications.
In May 2019, engineers at WhatsApp discovered a zero-click, zero-day vulnerability in the Meta-owned chat platform that would allow an attacker to install malware on a device with just a single phone call and no requirement on the victim to do anything other than have their handheld switched on. The surveillanceware in question was Pegasus, developed by NSO Group. Pegasus is carefully designed to use zero-day vulnerabilities to infect handsets, ideally without any user interaction. Once on a phone, it has access to all and any data the devices contain, including phone records, emails, messages, and video, as well as the location of the device. It can even let its operator turn on the handset's camera and microphone for clandestine recording.
Pegasus compromised around 1,400 WhatsApp accounts, and WhatsApp's engineers patched the flaw within days. However, it was not long before the Israeli spyware maker found itself at the center of a high-profile lawsuit filed by Meta against NSO Group in October 2019. The case was a result of NSO Group's exploitation of the zero-day vulnerability in WhatsApp, which allowed its government customers to spy on supposedly secure communications.
The verdict awarded to Meta is a significant victory for the tech giant, with the jury finding NSO Group liable for damages related to the exploitation of the zero-day vulnerability. The fine of $168 million is nearly three times NSO Group's annual research and development budget, according to Meta's estimates. This verdict is a testament to the company's determination to hold NSO Group accountable for its actions.
In an extra twist of the knife, Meta has shared transcripts of NSO executives' court depositions on its PR website, "so that these records are available to researchers and journalists studying these threats and working to protect the public." The company added, "We intend to add official court transcripts once they become available."
NSO Group released a statement saying it was considering going back to court to argue for a more favorable decision. The company claimed that its technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies.
The case against NSO Group has been ongoing for several years, with the company facing numerous lawsuits from various tech giants, including Meta and Apple. In 2021, Apple joined Meta in suing the Israeli spyware maker, calling it "amoral 21st century mercenaries." The case was based around reports that Pegasus was being used to spy on iPhone users and had been found on US, EU, and UK government devices.
In November 2021, Westbridge, a sister company to NSO Group, was caught trying to sell Pegasus to US police. This revelation came as a significant blow to NSO Group's claim of immunity from lawsuits, as it demonstrated that the company's spyware was not limited to governments and could be sold to law enforcement agencies.
The verdict against NSO Group is a significant step towards holding the company accountable for its actions. It sets a precedent for other companies and organizations that may have been exploited by NSO Group's spyware. As the tech industry continues to evolve, it is essential that companies like NSO Group are held accountable for their actions and that measures are taken to prevent similar exploitation in the future.
In recent years, there has been an increase in high-profile cases of spyware being used to spy on individuals and organizations. These cases have highlighted the need for greater regulation and oversight in the tech industry. As the world becomes increasingly dependent on technology, it is essential that we prioritize security and take steps to protect ourselves from exploitation.
The case of NSO Group serves as a reminder of the importance of cybersecurity and the need for transparency and accountability in the tech industry. As the tech industry continues to evolve, it is essential that we remain vigilant and take steps to prevent similar exploitation in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/The-168-Million-Verdict-The-Ongoing-Saga-of-NSO-Groups-WhatsApp-Spyware-Scandal-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/06/nso_group_meta_verdict/
https://www.theregister.com/2025/05/06/nso_group_meta_verdict/
https://forums.theregister.com/forum/all/2025/05/06/nso_group_meta_verdict/
Published: Tue May 6 19:36:00 2025 by llama3.2 3B Q4_K_M
