The Israeli company whose spyware hacked WhatsApp has told buyers that it can quietly scrape all of an individual’s data from the servers of Apple, Google, Facebook, and Microsoft, the Financial Times reported. NSO Group’s flagship spyware Pegasus can capture user data beyond the cloud, such as a full history of location data, and archived messages or photos. According to the publication, while NSO Group denied promoting hacking or mass surveillance tools for cloud services, it did not specifically deny that it had developed the capability described in its documents.
How does NSO get access to so much user data?
The new technique reportedly copies the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone. Once a target phone is infected by Pegasus, the device gives the operators access to the cloud data of these apps, without triggering 2-step verification or sending a warning email to the target device.
What devices can the spyware infect?
Pegasus can infect the latest iPhones and Android smartphones. It also allows ongoing access to data uploaded from laptops, tablets, and phones, even after Pegasus is removed from the initially targeted smartphone.
NSO Group installed spyware on WhatsApp as well
NSO Group has previously been linked to spyware on WhatsApp, which could be used to install surveillance software on iPhones and Android phones. The vulnerability was discovered when it was used in an attempted attack on a lawyer involved in a lawsuit against NSO. Citizen Lab observed the attack on the lawyer's phone, and had suspected that the person would be targeted. Citizen Lab has been investigating the NSO Group and the usage of its Pegasus software by governments to target dissidents and journalists.
WhatsApp has since closed the vulnerability, and the US Department of Justice is investigating.
Canada-based cybersecurity research firm Citizen Lab, which helped in the discovery of NSO, has described Pegasus as NSO's “signature spyware” and “designed to infect and remotely monitor mobile phones. Once inside, operators have complete control of and access to everything in the phone, including encrypted messages, location data, and its microphone and camera.”