The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.
The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.
WhatsApp parent Facebook, now called Meta Platforms Inc., is trying to block NSO from Facebook platforms and servers and recover unspecified damages.
NSO argued that it should be recognized as a foreign government agent and therefore be entitled to immunity under U.S. law limiting lawsuits against foreign countries. The request appeals a pair of earlier federal court rulings that rejected similar arguments by the Israeli company.
The Biden administration recommended that the court turn away the appeal. The Justice Department wrote that “NSO plainly is not entitled to immunity here.”
NSO’s flagship product, Pegasus, allows operators to covertly infiltrate a target’s mobile phone, gaining access to messages and contacts, the camera and microphone and location history. Only government law enforcement agencies can purchase the product and all sales are approved by Israel’s Defense Ministry, NSO said. It does not identify its clients.
WhatsApp says at least 100 of the users connected to its lawsuit were journalists, rights activists and civil society members. Critics have said that NSO’s clients include Saudi Arabia, the United Arab Emirates, Jordan and Poland and that those countries have abused the system to snoop on critics and stifle dissent.
NSO said it has safeguards in place to prevent abuses, although the company also said it has no control over how its clients use the product.
The WhatsApp case is among a series of legal battles plaguing NSO. In a separate lawsuit, Apple says it aims to prevent NSO from breaking into products. It claimed Pegasus had affected a small number of iPhone users worldwide, calling NSO’s employees “amoral 21st century mercenaries.”
In November, journalists from an investigative news outlet in El Salvador also sued NSO in a U.S. court after Pegasus spyware was detected on their iPhones.
“NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials. We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations,” WhatsApp spokesperson Carl Woog said in a statement.
A lawyer for the journalists who sued also praised the court’s action. “Today’s decision clears the path for lawsuits brought by the tech companies, as well as for suits brought by journalists and human rights advocates who have been victims of spyware attacks,” Carrie DeCell, senior staff attorney at the Knight First Amendment Institute at Columbia University, said in a statement.
In its own statement, NSO said: “We are confident that the court will determine that the use of Pegasus by its customers was legal.”
NSO also has been blacklisted by the U.S. Commerce Department, limiting its access to U.S. technology. U.S. officials said the company’s products were complicit in “transnational repression.”
Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation
Related: US Puts New Controls on Israeli Spyware Company NSO Group
Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
Related: Apple Confirms New Zero-Day Attacks on Older iPhones

More from Associated Press
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
- Google Suspends Chinese Shopping App Amid Security Concerns
- Silicon Valley Bank Seized by FDIC as Depositors Pull Cash
- Congress Members Warned of Significant Health Data Breach
- Cyberattack Hits Major Hospital in Spanish City of Barcelona
- European Police, FBI Bust International Cybercrime Gang
- BetterHelp Shared Users’ Sensitive Health Data, FTC Says
- EPA Mandates States Report on Cyber Threats to Water Systems
Latest News
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions
- TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
