It is reported that an Israeli Cybersecurity company invented spyware that can glitch data from the servers Facebook, Amazon, of Apple, Google, and Microsoft products, according to The Financial Times.
According to the report of the NSO Group’s proprietary smartphone malware, any information stored in the cloud, including a user’s location data, archived messages and photos can be stored in the Pegasus. Also, the NSO denied that it markets software capable of capturing data in the cloud. It’s vague if it has developed the tools internally in the malware. NSO Group is infamously reported that they were part in assisting the FBI in opening the phone of the San Bernardino mass shooter after Apple fought an FBI request to do so.
Is Israeli CyberSecurity a threat?
The NSO Group clearly stated that it has a screening process for clients and only sells to responsible governments for facilitating terrorism or criminal investigations.
The company told CNBC in a statement. “The Financial Times got it wrong. NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure suggested in this article,”
“Increasingly sophisticated terrorists and criminals are taking advantage of encrypted technologies to plan and conceal their crimes, leaving intelligence and law enforcement agencies in the dark and putting public safety and national security at risk. NSO’s lawful interception products are designed to confront this challenge.”
Consequently, in the month of May, WhatsApp said a flaw in the messenger service could allow NSO Group software to be downloaded to phones through a simple phone call and to monitor calls made through the service.
The new capability can copy authentication keys from services including Google Drive, Facebook Messenger and iCloud after the malware is installed on a device, according to the FT. A separate server then mimics the device, including its location.
In turn, the malware allows for open-ended access to the cloud data of those apps, without triggering additional security layers like “2-step verification or warning email on the target device,” the FT reported, citing an NSO sales document.
“We have no evidence that Amazon corporate systems, including customer accounts, have been accessed by the software product in question,” the company told CNBC. “We take customer privacy and security extremely seriously, and will continue to investigate and monitor the issue.”
A Facebook spokesperson said the company is reviewing the claims in the report and also Apple and Google did not immediately return requests for comment.
Microsoft refused to give an address on the FT story but said it has a protection service that can help protect users against these kinds of attacks.
More News Stories here