
The legal battle between Meta and the Israeli firm NSO Group has culminated in a devastating verdict for the latter. A California jury has ordered NSO to pay $167.4 million in damages for exploiting a WhatsApp vulnerability that enabled the covert installation of Pegasus spyware without users’ knowledge.
In May 2019, WhatsApp engineers discovered a critical zero-day vulnerability that allowed a device to be compromised through a single incoming call—even if the recipient never answered. Approximately 1,400 accounts were breached in the attack. Although the developers patched the flaw within days, Meta took further action by filing a lawsuit against Pegasus’s creators in October of the same year.
Pegasus is an advanced surveillance tool capable of infiltrating devices undetected, granting access to all data—including calls, messages, photos, and location—and enabling remote activation of the camera and microphone. According to Meta, NSO Group invests tens of millions of dollars annually to devise new methods of deploying such spyware via messaging apps, browsers, and operating systems.
The court proceedings stretched over four years. NSO attempted to defend itself by claiming it served only government clients and was entitled to sovereign immunity as a contractor for nation-states. However, new revelations surfaced during the trial: NSO’s affiliate, Westbridge, had offered Pegasus to U.S. law enforcement agencies, and the court gained access to the Pegasus source code through the discovery process.
Meta seized the opportunity to its fullest. Beyond securing a legal victory, the company is now releasing transcripts of NSO executives’ depositions, making them available to cybersecurity researchers and investigative journalists.
Additional support for Meta came from the Citizen Lab—Canada’s renowned research group that has long studied Pegasus. Senior analyst John Scott-Railton remarked that the involvement of a major tech company provided a powerful impetus for global awareness of the spyware’s threat.
NSO Group has pledged to appeal the verdict, calling it part of a protracted legal saga. The company continues to insist that its technology has saved countless lives and is used solely to combat terrorism.
Meanwhile, in 2021, Apple joined the lawsuit against NSO, accusing it of targeting iPhone users. Pegasus’s reported targets include government officials, diplomats, and dissident journalists—among them the slain Jamal Khashoggi, a connection NSO denies. In 2023, the U.S. Supreme Court declined to grant NSO immunity, clearing the path for a final judgment.
Meta has pledged to direct the full $167.4 million, should it be collected, toward funds dedicated to digital rights advocacy. Measured against the company's quarterly results, that sum is equivalent to just 21 hours of revenue, so the symbolic stance on protecting user rights has outweighed the financial figure.