Stay Updated Icon

Subscribe to Our Tech & Career Digest

Join thousands of readers getting the latest insights on tech trends, career tips, and exclusive updates delivered straight to their inbox.

WhatsApp vs. NSO Group: Key Revelations from the Spyware Lawsuit

6:32 PM   |   10 May 2025

WhatsApp vs. NSO Group: Key Revelations from the Spyware Lawsuit

WhatsApp vs. NSO Group: Key Revelations from the Spyware Lawsuit

The legal battle between WhatsApp and NSO Group, which culminated in a $167 million jury verdict, has unearthed critical insights into the world of spyware and digital surveillance. This article delves into the key revelations from the trial, shedding light on the methods, targets, and internal practices of NSO Group.

Background: WhatsApp's Lawsuit Against NSO Group

In October 2019, WhatsApp initiated a lawsuit against NSO Group, accusing the company of exploiting a vulnerability in its audio-calling feature to hack over 1,400 users. The spyware, known as Pegasus, could be installed on a target's phone without any interaction from the user, a technique known as a zero-click attack. This legal confrontation spanned over five years, revealing significant details about NSO Group's operations and the capabilities of its spyware.

Key Revelations from the Trial

1. How the WhatsApp Attack Worked

The trial revealed the intricate details of how NSO Group executed the zero-click attack on WhatsApp users. According to testimony, NSO Group created a “WhatsApp Installation Server” designed to mimic real WhatsApp messages and send malicious code across WhatsApp’s infrastructure.

Antonio Perez, WhatsApp’s lawyer, explained that the attack involved placing a fake WhatsApp phone call to the target. Once the malicious message was received, it would trigger the user's phone to connect to a third-party server and download the Pegasus spyware. The only requirement for this attack was the target's phone number.

Tamir Gazneli, NSO Group’s research and development vice president, acknowledged that any zero-click solution was a significant advancement for Pegasus.

2. NSO Group Targeted an American Phone Number for the FBI

For years, NSO Group maintained that its spyware could not be used against American phone numbers (those starting with the +1 country code). However, during the trial, it was confirmed that NSO Group had, in fact, targeted a U.S. phone number as part of a test for the FBI.

NSO Group’s lawyer, Joe Akrotirianakis, stated that the “single exception” to the policy of not targeting +1 numbers was a specially configured version of Pegasus used in a demonstration for potential U.S. government clients.

The FBI ultimately decided not to deploy Pegasus after the test.

3. How NSO Group’s Government Customers Use Pegasus

NSO Group’s CEO, Yaron Shohat, explained that the user interface for Pegasus does not allow government customers to select specific hacking methods. Instead, the Pegasus system automatically chooses the appropriate exploit to use against each target.

Shohat stated that customers are primarily concerned with obtaining intelligence and do not focus on the technical details of how the spyware achieves its objectives.

4. NSO Group's Headquarters Share a Building with Apple

In a notable coincidence, NSO Group’s headquarters in Herzliya, Israel, is located in the same building as Apple, a company whose iPhone users are frequently targeted by Pegasus. NSO occupies the top five floors, while Apple occupies the remainder of the 14-floor building.

The open advertisement of NSO Group’s headquarters contrasts with other spyware companies, such as Variston, which attempted to conceal its true location.

5. NSO Group Continued Targeting WhatsApp Users After the Lawsuit Was Filed

Despite WhatsApp filing its lawsuit against NSO Group in November 2019, the spyware maker continued to target WhatsApp users. Tamir Gazneli, NSO Group’s research and development vice president, revealed that one version of the WhatsApp zero-click vector, codenamed “Erised,” was in use from late 2019 up to May 2020. Other versions, known as “Eden” and “Heaven,” were collectively called “Hummingbird.”

The Technical Aspects of Pegasus Spyware

Pegasus is a highly sophisticated spyware developed by the Israeli cyber-arms company NSO Group. It is designed to infiltrate smartphones running iOS and Android operating systems and allows operators to extract a wide range of data, including messages, emails, photos, and location data. The spyware can also be used to activate the phone's microphone and camera, turning the device into a surveillance tool.

Zero-Click Exploits

One of the most concerning aspects of Pegasus is its use of zero-click exploits. These exploits allow the spyware to be installed on a target's phone without requiring any interaction from the user. This means that even cautious users who avoid clicking on suspicious links or opening unknown attachments can still be compromised.

The zero-click attacks often exploit vulnerabilities in popular apps like WhatsApp, iMessage, and others. By sending a specially crafted message or notification, the attacker can trigger the exploit and install Pegasus without the user's knowledge.

Evasion Techniques

Pegasus employs a variety of evasion techniques to avoid detection. It can hide its processes, delete traces of its activity, and encrypt its communications to prevent analysis. The spyware is also designed to self-destruct if it detects that it is being analyzed or if the phone is in a compromised state.

Ethical and Legal Implications

The use of spyware like Pegasus raises significant ethical and legal concerns. While NSO Group claims that its spyware is only sold to governments for the purpose of fighting terrorism and crime, there have been numerous reports of it being used to target journalists, human rights activists, and political dissidents.

Human Rights Concerns

The targeting of journalists and activists with spyware has a chilling effect on freedom of speech and the ability of civil society organizations to operate. When individuals fear that their communications are being monitored, they may be less likely to speak out against government policies or to investigate corruption and human rights abuses.

Legal Challenges

The use of spyware also raises legal questions about privacy and surveillance. In many countries, it is illegal for governments to intercept communications without a warrant. However, the use of spyware like Pegasus allows governments to bypass these legal protections and conduct surveillance without judicial oversight.

The Broader Context of Cyber Surveillance

The WhatsApp vs. NSO Group lawsuit is just one example of the growing problem of cyber surveillance. As technology advances, governments and private companies are developing increasingly sophisticated tools for monitoring and tracking individuals. This raises fundamental questions about the balance between security and privacy in the digital age.

The Role of Governments

Governments have a legitimate need to protect their citizens from terrorism and crime. However, it is essential that they do so in a way that respects human rights and the rule of law. This means ensuring that surveillance activities are subject to judicial oversight and that individuals have the right to challenge unlawful surveillance.

The Responsibility of Tech Companies

Tech companies also have a responsibility to protect the privacy of their users. This means designing their products and services with privacy in mind and taking steps to prevent them from being used for surveillance purposes. Companies should also be transparent about how they collect and use data and give users control over their own information.

The Future of Spyware and Cyber Security

The ongoing evolution of spyware and cyber security presents a complex and ever-changing landscape. As technology advances, so do the methods used by both attackers and defenders. Staying ahead requires continuous innovation, vigilance, and a commitment to ethical practices.

Advancements in Spyware Technology

Spyware technology is becoming increasingly sophisticated, with new techniques being developed to bypass security measures and evade detection. This includes the use of artificial intelligence and machine learning to automate attacks and improve their effectiveness.

Enhancements in Cyber Security

In response to the growing threat of spyware, cyber security professionals are developing new tools and techniques to protect against attacks. This includes the use of advanced threat detection systems, behavioral analysis, and machine learning to identify and block malicious activity.

The Importance of Collaboration

Effective cyber security requires collaboration between governments, tech companies, and cyber security professionals. By sharing information and working together, they can better protect against the evolving threat of spyware and other cyber attacks.

Conclusion

The WhatsApp vs. NSO Group lawsuit has provided valuable insights into the world of spyware and cyber surveillance. The revelations from the trial highlight the need for greater transparency and accountability in the use of these technologies. As technology continues to evolve, it is essential that we strike a balance between security and privacy to protect human rights and the rule of law.