The Israeli company whose spyware hacked WhatsApp has told buyers that it can quietly scrape all of an individual's data from servers of Apple, Google, Facebook, and Microsoft, the Financial Times reported. NSO Group's flagship spyware Pegasus can capture user data beyond the cloud, such as a full history of location data, and archived messages or photos. According to the publication, while NSO Group denied promoting hacking or mass surveillance tools for cloud services, it did not specifically deny that it had developed capability described in its documents. How does NSO get access to so much user data? The new technique is reportedly said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone. A target phone is infected by Pegasus, and once infected, the device grants access (to the operators) to cloud data of these apps, without triggering 2-step verification or sending a warning email on the target device. What devices can the spyware infect? Pegasus can infect the latest iPhones and Android smartphones. It also allows ongoing access to data uploaded from laptops, tablets, and phones, even after Pegasus is removed from the initially targeted smartphone. NSO Group installed a spyware on WhatsApp as well NSO Group has previously been linked to a spyware on WhatsApp, which could to used to install surveillance software on iPhones and Android phones. The vulnerability was discovered when it was used in…
