William Gallagher
NSO Group, which previously hacked WhatsApp, is advertising that it is able to gather all of an individual's cloud-hosted data from Apple, Google, Microsoft and more, using its Pegasus malware.
The Israeli company, NSO Group, has been telling its government customers that its Pegasus malware can now extract far more data about any given individual. As well as data on the person's smartphone, the claim is that the group can covertly retrieve all of the information that person has stored on servers owned by Apple, Google, Microsoft, Facebook and Amazon.
According to the Financial Times, that information includes all messages and photos, plus data concerning the entire history of the phone's location.
The NSO Group, whose software was recently used to hack WhatsApp, says that it develops this malware specifically for government use only.
"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," a spokesperson said.
The FT notes that the group did not deny the claims of these capabilities, and that separate research efforts have shown the presence of Pegasus malware on the phones of journalists and human rights activists. The newspaper's unnamed sources who described an NSO sales demonstration, also provided documentary evidence.
The documents include a sales one which says full access is provided to a person's data without "prompting a two-step verification or warning email on [the] target device."
This Pegasus malware must be installed on the phone, with what appears to require root access. If an assailant has root access, a user has problems beyond iCloud monitoring. Methods of penetration have been demonstrated previously..
Once it is loaded, however, it's believed that the Pegasus malware copies the login credentials used to access cloud storage. That information is then sent to the government or other organization using the malware, and they then have full access to that cloud storage.
According to sales documents, the system works with even the latest iPhones and Android phones.
Apple responded to reporters from the FT, saying that its iOS is "the safest and most secure computing platform in the world." Apple has managed to block previous versions of Pegasus, both on iOS and macOS.
"While some expensive tools may exist to perform targeted attacks on a very small number of devices," continued Apple, "we do not believe these are useful for widespread attacks against consumers."
Similarly, Microsoft said it is "continually evolving" its protections. Amazon and Microsoft say they're investigating.
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
35 Comments
Does this method require physical access to the device to install the Pegasus software? It sounds like that is the case, which makes the threat of most people’s data being compromised much lower.
So, Israel admits spying on Americans. What are the chances Trump will do anything about it?
Carl Sagan said Extraordinary claims require extraordinary evidance. Any charlatan can claim something. Prove it.
Not that I have indepth knowledge of this new method, but pretty much all online services already detect for access collisions. I.E. If the phone tries to connect and the 3rd party tool are also connected, the server will dump both.