It has been nearly three months since we reported on a severe vulnerability in WhatsApp that allowed hackers to install spyware through the application. That particular flaw meant users on Android and iOS were vulnerable to spyware attacks. Now, the company behind that spyware has developed a new Pegasus tool that could have wider implications.
That company is NSO Group, an Israeli firm that creates software for intelligence agencies and governments. NSO helps those entities collect data from individual devices. In other words, the company develops technology that helps agencies spy on users and essentially steal their data.
Hardly makes for good reading, does it? Well, it gets worse, because NSO Group has developed a new version of its Pegasus spyware that allows governments and intelligence agencies to scrape all data from servers operated by Google, Facebook, Amazon, Apple, and Microsoft.
Yes, those are the largest tech companies in the world and in one way or another their services reach just about every device-packing individual on the planet. Services operated by these companies include Windows, Office, Azure, Amazon, Amazon Web Services, Android, Google Search, Gmail, Facebook, Instagram, iOS, Mac. You get the picture.
The new spyware copies the authentication keys that a device holds for services owned by these companies, such as iCloud or OneDrive. The tool then uses these authentication keys from a separate server to essentially mimic the device from a remote location.
So sophisticated is the spyware that it can work around location restrictions. For example, some services will sign out if they are used from a different location. NSO Group’s tool mimics the device entirely, including tricking the services into believing they are operating from the host location.
Pegasus can be installed on an array of devices, including most iOS and Android smartphones. At the moment, the major companies named in the FT report have sent out stock PR responses. We hope a review will bring more concrete information from the likes of Microsoft, Google, Apple, and Amazon.