The Israeli company NSO Group recently hit the headlines with its spyware Pegasus. With the help of a vulnerability in WhatsApp, Pegasus was able to get onto the phones of its victims to spy on them. Now, the NSO Group has apparently succeeded in secretly capturing or even deleting all of a person's data from the servers of Apple, Google, Facebook, Amazon, and Microsoft.
The NSO Group's spyware, called Pegasus, has been used for years by secret services and governments around the world in return for payment. Until now, it was mostly about collecting data from the phones of the targeted persons.
Pegasus, the vacuum cleaner
The spyware has now been further developed to capture a much larger body of information, one that goes far beyond the data stored on the smartphone. According to a recent product demonstration leaked to the Financial Times, the spyware can now access data stored in the cloud. That includes a user's complete location history. Pegasus can now also spy on messages, photos or contact information archived in the cloud.
The new software is said to be able to copy the authentication keys of various services from an infected smartphone, for example Amazon, Google Drive, Facebook Messenger and iCloud. A dedicated server can then easily mimic the phone, including its location.
This gives the software unlimited access to the cloud data of these apps. The access takes place without the “usual 2-stage verification”. The usual warning e-mail to the target device is also not triggered, the NSO Group says in advertising its malware in the product demonstration.
Even the latest iPhones and Android smartphones are affected
According to a product demonstration by NSO’s parent company Q-Cyber, which was prepared for the Ugandan government earlier this year, it works on most of the latest iPhones and Android smartphones. The product demonstration promoted Pegasus’ ability to “retrieve the keys to open cloud storage” and “synchronize and extract data independently”.
According to the Financial Times documents, the spyware allows ongoing access to data uploaded to the cloud from laptops, tablets, and phones. Even if Pegasus has been removed from the originally infected smartphone, it can still access the data.
The only way to protect yourself so far
The actual number of victims is unknown. Security teams from the affected companies in Silicon Valley are now investigating the method used by the new espionage software. Until now, the authentication technology involved has been regarded as secure throughout the industry. One of the documents in the product demonstration mentioned just an old-fashioned way to prevent this type of eavesdropping: changing an app’s password and revoking login privileges.