Israeli Tech Firm NSO Group’s Tool Harvests Targeted iCloud Data: Report
A controversial Israeli software company claims to be able to hack people’s private data held by Amazon, Apple, Facebook, Google, and Microsoft.
According to a new report from The Financial Times, the NSO Group had “told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft, according to people familiar with its sales pitch.”
NSO Group is able to secretly scrape data from the servers of the technology giants in order to steal a person’s location information, photos or messages, The Financial Times reported after speaking to people familiar with the firm’s sales pitch. The company is already notorious for its Pegasus malware, which is used by intelligence agencies to obtain private data from people’s smartphones.
The technique allegedly works by copying authentication keys for services such as Facebook Messenger and iCloud from an infected phone and then creating a virtual clone that can impersonate it. Once Pegasus has infected a target phone, its operators gain access to the cloud data of these apps without triggering 2-step verification or a warning email on the target device.
The newspaper based its report on people who had attended a recent product demonstration by the Israeli company. It is not known how many individual cloud accounts may have been targeted by the technique.
An NSO spokesperson said: “We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure.”
Pegasus and NSO Group gained notoriety earlier this year for exploiting a critical vulnerability in WhatsApp that allowed Pegasus to be transmitted to users’ iPhones by means of a WhatsApp call. WhatsApp released a statement in which it acknowledged that the attack took place and that it had told human rights groups to be aware of the threat.
WhatsApp has since closed the vulnerability, and the US Department of Justice is investigating.
Canada-based cybersecurity research firm Citizen Lab, which helped in the discovery of NSO, has described Pegasus as NSO’s “signature spyware” and “designed to infect and remotely monitor mobile phones. Once inside, operators have complete control of and access to everything in the phone, including encrypted messages, location data, and its microphone and camera.”