Meta Accuses NSO Group of Violating Spyware Injunction with New WhatsApp Attacks
Meta, the parent company of WhatsApp, has alleged that the Israeli cybersecurity firm NSO Group violated a court-issued injunction by deploying new spyware attacks targeting WhatsApp users, according to a statement released on Thursday. The company claims the attacks, which it describes as “unauthorized and unlawful,” bypassed security measures implemented to protect user data.
The injunction, issued in 2021, barred NSO Group from using its Pegasus spyware to exploit vulnerabilities in WhatsApp. However, Meta’s latest report, obtained by The Guardian, details “new techniques” that allegedly circumvent these protections. “These attacks are a direct violation of the court’s order and demonstrate the persistent threat posed by malicious actors,” a Meta spokesperson said.
What Is the NSO Group’s Role in WhatsApp Attacks?
NSO Group, a private company based in Israel, is known for developing Pegasus, a surveillance tool used by governments to hack into smartphones. In 2021, Meta filed a lawsuit against the firm, alleging that Pegasus was used to exploit a vulnerability in WhatsApp’s messaging system, allowing attackers to install spyware via a missed call.
The company’s legal team stated that the 2021 injunction was intended to prevent further attacks, but recent findings suggest the firm has developed new methods. A 2023 report by the Citizen Lab, a cybersecurity research group at the University of Toronto, identified “exploits targeting WhatsApp’s end-to-end encryption,” though it did not explicitly name NSO Group.
How Did Meta Discover the New Exploits?
Meta’s discovery of the new attacks followed a collaboration with cybersecurity researchers and law enforcement agencies. The company’s threat analysis team detected “unusual patterns of traffic” linked to known Pegasus infrastructure, according to a technical blog post.
“These patterns align with the capabilities of Pegasus, which has historically been used to target journalists, activists, and political dissidents,” the blog stated. Meta has since notified affected users and worked with cybersecurity firms to patch vulnerabilities.
What Are the Legal and Ethical Implications?
The allegations against NSO Group come amid growing scrutiny of its business practices. In 2023, the U.S. Department of Justice added the firm to its entity list, citing concerns over its role in enabling human rights abuses. The European Union has also proposed stricter regulations on surveillance technology.
Legal experts note that Meta’s lawsuit could set a precedent for holding tech firms accountable for security breaches. “This case highlights the tension between corporate responsibility and the actions of third-party vendors,” said Dr. Emily Chen, a cybersecurity law professor at Stanford University.
Why This Matters for User Privacy
The alleged violations underscore the challenges of securing encrypted communication platforms. WhatsApp’s end-to-end encryption is designed to prevent unauthorized access, but vulnerabilities in the ecosystem—such as those exploited by Pegasus—remain a persistent risk.
“Users must remain vigilant, as even the most secure systems can be compromised if underlying software is not regularly updated,” said Marcus Thompson, a cybersecurity analyst at Kaspersky Lab.
What’s Next for Meta and NSO Group?
Meta has stated it will continue to pursue legal action against NSO Group, while the firm has not publicly responded to the allegations. The case could influence future regulations on spyware and corporate liability for security lapses.
For now, users are advised to update their devices regularly and avoid clicking on suspicious links. As the legal and technical battle unfolds, the outcome may shape the future of digital privacy and accountability in the tech industry.