
Israeli spyware claims to beat Apple's iCloud security

Apple's iCloud is one of many cloud services the NSO Group reportedly claims it can hack


NSO Group, which previously hacked WhatsApp, is advertising that it is able to gather all of an individual's cloud-hosted data from Apple, Google, Microsoft and more, using its Pegasus malware.

The Israeli company, NSO Group, has been telling its government customers that its Pegasus malware can now extract far more data about any given individual. As well as data on the person's smartphone, the claim is that the group can covertly retrieve all of the information that person has stored on servers owned by Apple, Google, Microsoft, Facebook and Amazon.

According to the Financial Times, that information includes all messages and photos, plus data concerning the entire history of the phone's location.

The NSO Group, whose software was recently used to hack WhatsApp, says that it develops this malware specifically for government use only.

"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," a spokesperson said.

The FT notes that the group did not deny the claims of these capabilities, and that separate research efforts have shown the presence of Pegasus malware on the phones of journalists and human rights activists. The newspaper's unnamed sources, who described an NSO sales demonstration, also provided documentary evidence.

The documents include a sales document which says full access is provided to a person's data without "prompting a two-step verification or warning email on [the] target device."

Graphic from the Financial Times illustrating how the NSO Group's Pegasus software now works (Source: Financial Times)

This Pegasus malware must be installed on the phone, and installation appears to require root access. If an assailant has root access, a user has problems beyond iCloud monitoring. Methods of penetration have been demonstrated previously.

Once it is loaded, however, it's believed that the Pegasus malware copies the login credentials used to access cloud storage. That information is then sent to the government or other organization using the malware, and they then have full access to that cloud storage.

According to sales documents, the system works with even the latest iPhones and Android phones.

Apple responded to reporters from the FT, saying that its iOS is "the safest and most secure computing platform in the world." Apple has managed to block previous versions of Pegasus, both on iOS and macOS.

"While some expensive tools may exist to perform targeted attacks on a very small number of devices," continued Apple, "we do not believe these are useful for widespread attacks against consumers."

Similarly, Microsoft said it is "continually evolving" its protections. Amazon and Microsoft say they're investigating.