Israeli NSO Group claims to be able to steal data from iCloud, Google Drive and OneDrive


The Israeli company NSO Group has told its customers that its technology can retrieve user data from the servers of Apple, Google, Facebook, Amazon and Microsoft. That is what sources familiar with the sales pitch told The Financial Times.

The NSO Group is a company that develops spyware for governments and others. In May of this year, the company was in the news after it appeared that its hackers could install spyware on phones via WhatsApp. This was the software called Pegasus, which has been used for years by intelligence services and governments to retrieve data from smartphones. Now the company has a new goal in mind: it states that it can collect the information stored in the cloud. This includes the entire history of a target’s location data, archived messages and photos, according to the sources, who provided the Financial Times with documents describing the product.

Operation

The new technique copies the authentication keys of services such as Google Drive, Facebook Messenger and iCloud from an infected phone. A separate server can then simulate the phone, including its location, in order to gain access to all the data. This provides unrestricted access to the apps' cloud data without triggering two-step verification or a warning email on the target’s device. The technology works on any device that Pegasus can infect, including new iPhones and Android devices.

The technology also provides continuous access to data uploaded to the cloud from laptops, tablets and smartphones. This access continues even if Pegasus is removed from the smartphone it originally infected.

NSO Group denies accusations

The NSO Group denies that it promotes hacking or surveillance tools for cloud services. However, the company has not denied that it has developed the capabilities described in documents. The company has always maintained that its software is only sold to responsible governments to help prevent terrorist attacks and criminal activity. However, researchers have been able to find Pegasus on the smartphones of human rights activists and journalists worldwide. As a result, there are suspicions that the software is also being used by oppressive regimes.

Research

Security teams from different cloud providers are investigating the method, which seems to focus on authentication techniques that have hitherto been considered secure.

Amazon says it found no evidence that the software had access to its systems or customer accounts. However, the company says it will continue to investigate and monitor the problem. Facebook says it is investigating the claims, and Microsoft says that its technology is constantly evolving to provide the best protections for its customers.

Apple responded that its operating system is the safest computing platform in the world. According to the company, while there may be a few expensive tools available to carry out attacks on a very small number of devices, it does not think they are useful for widespread attacks against its customers. Google has refused to respond.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.