An Israeli security company with an overview of developing some of the most sophisticated and sophisticated mobile hacking tools we've ever seen, has taken a significant interest. According to a report by Financial Times the NSO group sells an updated version of its famous Pegasus tool that can not only access information stored on the iPhone or Android device's target, but even access to a user's information stored in the cloud.
As a fast primer, Pegasus was designed to monitor all facets of the user's device, including text messages, email addresses, location data, browser history, phone calls, pictures, and more. In addition, Pegasus is so advanced that it can be installed on a targeted device when a user clicks on an SMS link. Suffice it to say that Pegasus is an expensive tool that costs millions of dollars, and as a result, is primarily marketed to foreign authorities and intelligence agencies.
Regarding Pegasus' new abilities, Financial Times notes that the software can retrieve data "from the servers to Apple, Google, Facebook, Amazon and Microsoft."
The software can therefore access stored images, messages and even location data from a variety of third-party services.
The new technique is said to copy the authentication keys to services such as Google Disk, Facebook Messenger and iCloud, including from an infected phone, so that a separate server can mimic the phone, including the location.
This allows open access to the slider data for these apps without requesting a 2-step verification or alert message on the target device, according to one sales document.
In a statement given to Financial Times an Apple spokesman said: "While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not think these are useful for widespread use. attacks on consumers. "
In fact, Pegasus is not exactly what most iOS or Android users need to worry about, but it highlights how apparently secure data can be vulnerable when targeted by some of the most advanced spyware on the planet.
As an end point, speaking to the sophisticated NSO group's methods, a report earlier this year reported that the NSO group was able to exploit a vulnerability in WhatsApp and install monitoring software on a device by calling it.