Background of the Pegasus WhatsApp Lawsuit: Ongoing legal battle between NSO Group and WhatsApp
The lawsuit between Israel-based spyware manufacturer NSO Group and Meta owned messaging platform WhatsApp has been ongoing for a long time. NSO Group’s spyware called Pegasus is considered one of the most advanced spyware technologies available today according to privacy experts.
It has the ability to infect Android and iOS devices without any interaction from the target via zero-click exploits. WhatsApp had sued NSO Group in 2019 after it was revealed that about 1,400 users were infected with Pegasus via WhatsApp.
Judge denies WhatsApp’s request to depose additional witnesses from NSO Group
In the latest hearing, US District Court Judge Phyllis Hamilton denied a request by WhatsApp to allow it to depose additional witnesses from NSO Group in Israel and subject them to turn over documents. WhatsApp had argued that the three current NSO Group executives – CEO Yaron Shohat, vice president of research and development Tamir Gazneli and vice president of client executives Ramon Eshkar, will not provide a full picture of the hacks and how Pegasus is deployed. However, Judge Hamilton ruled that the “discovery sought can be obtained from deponents who have already agreed to appear.”
Technical details of the Pegasus zero-click exploit
Pegasus is a highly advanced spyware that can be delivered to target devices without any user interaction via what is known as a zero-click exploit. This means the malware can infect the device even if the target does not click on any link or download anything. The spyware is then able to extract passwords, contact lists, calendar events, text messages and can even secretly activate microphones and cameras to record the target’s surroundings.
Other rulings in the case
The judge also denied NSO Group’s attempt to depose a digital forensic researcher from The Citizen Lab, an organization which has been investigating Pegasus misuse. NSO Group also failed in their request to obtain pre-litigation communications between WhatsApp and Citizen Lab. Throughout the case, NSO Group has consistently tried to access documents from Citizen Lab even when they are not a party to the lawsuit.
Impact of the rulings
By limiting the number of additional witnesses and documents access, the judge has made it harder for WhatsApp to uncover further details around NSO Group’s spyware sales and deployment practices. However, the case is still ongoing and more technical details around the zero-day exploit used against WhatsApp could emerge during the approved depositions. The ruling could also impact other similar spyware lawsuits involving NSO Group and their products.
In summary, the judge denied WhatsApp’s request to expand the scope of discovery and ruled that the three approved NSO Group executives are sufficient for providing information on company’s Pegasus related practices involved in the WhatsApp hacks. This is a major setback for WhatsApp’s case against the Israeli spyware vendor.
