Back in 2019, Meta filed a lawsuit against NSO Group over the latter’s Pegasus spyware, which was used to target more than a thousand WhatsApp users in 20 countries, including journalists, human rights activists and diplomats. Now, a jury has ruled that the Israeli firm must pay Meta more than US$167 million (~RM707 million) in damages. The verdict is the culmination of a years-long legal battle, with a judge ruling in Meta’s favour last year.
Pegasus exploited a flaw in WhatsApp’s voice call feature, allowing malware to be spread even when the calls went unanswered. Once a device has been infected, the spyware could access the data on any installed app, including financial and location information, as well as correspondence such as emails and text messages.
However, WhatsApp is not the sole target of NSO’s spyware. According to Meta, the trial revealed that NSO invested “tens of millions of dollars annually” in developing malware installation methods, which include instant messaging, browsers, and operating systems. The company’s spyware is reportedly still capable of compromising both iOS and Android devices.
Meta said in a statement that the ruling in this case is a crucial step forward for privacy and security as the first victory against the creation and use of illegal spyware. The verdict serves as a critical deterrent against spyware companies seeking to target people around the world.
Meta also acknowledged the “long road ahead” to collect damages from NSO, and that it plans on securing a court order to prevent WhatsApp from being targeted by the firm in the future. Additionally, Meta intends to make a donation to digital rights organisations.
