The report says NSO Group’s proprietary smartphone malware, Pegasus, harvests not only data stored on a device but also any information stored in the cloud, including a user’s location data, archived messages, and photos.
NSO Group, who previously installed the malware in Facebook’s WhatsApp, denied that it markets software capable of capturing data in the cloud. It’s unclear if it has developed the tools internally.
“The Financial Times got it wrong. NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure suggested in this article,” the company told CNBC in a statement.
“Increasingly sophisticated terrorists and criminals are taking advantage of encrypted technologies to plan and conceal their crimes, leaving intelligence and law enforcement agencies in the dark and putting public safety and national security at risk. NSO’s lawful interception products are designed to confront this challenge.”
NSO Group says it has a screening process for clients and only sells to responsible governments for facilitating terrorism or criminal investigations.
In May, WhatsApp said a flaw in the messenger service could allow NSO Group software to be downloaded to phones through a simple phone call and to monitor calls made through the service. The Facebook-owned application put a patch in place to fix the problem.
NSO Group is also known for its alleged role in assisting the FBI in opening the phone of the San Bernardino mass shooter after Apple fought an FBI request to do so.
After the malware is installed on a device, the new capability can copy authentication keys from services including Google Drive, Facebook Messenger and iCloud, according to the FT. A separate server then mimics the device, including its location.
In turn, the malware allows for open-ended access to the cloud data of those apps, without triggering additional security layers like “2-step verification or warning email on a target device,” the FT reported, citing an NSO sales document.
Amazon said it hasn’t found any evidence of the malware on its systems.
“We have no evidence that Amazon corporate systems, including customer accounts, have been accessed by the software product in question,” the company told CNBC. “We take customer privacy and security extremely seriously, and will continue to investigate and monitor the issue.”
Microsoft declined to comment on the FT story but said it has a protection service that can help protect users against these kinds of attacks. A Facebook spokesperson said the company is reviewing the claims in the report.
Apple and Google did not immediately return requests for comment.
- Entrepreneur3 weeks ago
Tips for Young Entrepreneurs to Be on the Right Track and Succeed
- Finance3 weeks ago
Beginner Friendly Investment Tips for the Novice Investor
- Industrial3 weeks ago
Concrete Contractor Tips on Identifying Reliable Subcontractor
- Spotlight3 weeks ago
The Beckums Reveal How They’ve Helped Dozens Of Entrepreneurs Get On The Right Track
- Leadership7 days ago
Maintaining a Stress-Free Environment in the Construction Site: A Project Manager’s Perspective
- Marketing4 weeks ago
Impact of Social Media Marketing on Your Business
- Health2 weeks ago
10 Healing Properties of Onion
- Lifestyle3 weeks ago
Everything You Need To Know About Sri Lankan Chinese Rolls