Pegasus, the powerful malware sold by the Israeli spyware company NSO Group and the same spyware involved in a breach of WhatsApp earlier this year, is capable of scraping target data from the servers of Apple, Google, Amazon, Facebook and Microsoft, according to a report in the Financial Times on Friday.
According to the Times, "people familiar with the point of sale" as well as leaked sales documents show that NSO Group's parent company, Q-Cyber, advertises Pegasus as able to copy authentication keys for services including Google Drive, Facebook Messenger and iCloud from an infected phone to a web server, which can then independently download the target's entire online history. The documents advertise functionality that allows continuous access to data stored on the tech giants' servers, access that persists beyond the Pegasus infection on the phone itself (presumably until the authentication key is invalidated):
It works on any device that Pegasus can infect, including many of the latest iPhones and Android smartphones, according to the documents, providing continuous access to data uploaded to the cloud from laptops, tablets and phones, even after Pegasus has been removed from the originally targeted smartphone.
A pitch document from NSO's parent company, Q-Cyber, prepared for the Ugandan government earlier this year, advertised Pegasus's ability to "retrieve the keys that open the cloud vaults" and "independent synchronization data".
The documents boast of access to a "cloud endpoint" and of access to "far and above smartphone content," the Times wrote.
Amazon said there was no evidence that its servers had been breached, as did Google, according to the newspaper. Facebook said it was reviewing the claims, while Microsoft said its security tools were "continuously developed", and Apple noted that while "expensive tools might exist to perform targeted attacks," it does not think they are useful for widespread attacks on consumers.
A spokesman for NSO Group told the Times, "We do not provide or market any kind of hacking or mass-gathering capability to any cloud applications, services or infrastructure," though the company did not deny having developed the functionality.
The WhatsApp breach was a remarkable example of a "zero click zero day": it allowed the spyware to infect a targeted device simply by sending a link that did not even have to be clicked to deliver its malware payload. The Justice Department is investigating the attack, according to the Times.
NSO Group has consistently denied selling its products to governments for anything other than lawful law enforcement and intelligence operations. However, Toronto-based Citizen Lab researchers have identified the tools in use in dozens of countries, including in the targeting of Omar Abdulaziz, a Saudi dissident living in Canada as part of an asylum program. Abdulaziz was in contact with fellow democracy advocate Jamal Khashoggi before the latter was lured to the Saudi consulate in Turkey, tortured and killed last year.
Citizen Lab and Mexican non-governmental organizations have also reported that the Mexican government has used Pegasus to spy illegally on journalists, lawyers and activists, and NSO Group has reportedly sold its tools to a number of autocratic regimes. Founder and CEO Shalev Hulio has justified targeting lawyers and journalists. The company is facing several lawsuits in Israel and Cyprus over alleged misuse of its spyware.
As The Next Web noted, cloud adoption is accelerating at a rapid pace, making vulnerabilities such as those identified in the Times report critical. The cybersecurity firm Check Point recently identified unauthorized cloud and account access as one of the biggest exploits against cloud services. Password-free two-step authentication can be one way to protect customers from such attacks, The Next Web noted.