A California federal judge has ruled that Israeli spyware maker NSO Group is liable for hacking into 1,400 WhatsApp users’ devices, granting WhatsApp’s request for a partial summary judgment on Friday. U.S. District Judge Phyllis J. Hamilton’s decision resolves liability issues and leaves only damages to be addressed at trial, marking a crucial win for privacy advocates.
Judge Hamilton granted summary judgment on all three of WhatsApp’s claims against NSO, including allegations that the spyware company violated federal law by unlawfully accessing WhatsApp’s servers.
“Defendants appear to fully acknowledge that the [WhatsApp Installation Server, or WIS,] sent messages through WhatsApp servers that caused Pegasus” — NSO’s spyware product — “to be installed on target users’ devices, and that the WIS was then able to obtain protected information by having it sent from the target users, through the WhatsApp servers, and back to the WIS,” Judge Hamilton stated in her order.
The court also ruled in favor of WhatsApp’s breach of contract claim, which accused NSO of violating terms of service prohibiting reverse engineering, sending malicious code, collecting user data, unauthorized access, and illegal use of the app. NSO had claimed it might have reverse-engineered WhatsApp’s software before agreeing to the terms of service, but Judge Hamilton dismissed this argument, noting that the company failed to provide evidence supporting such a claim.
