The Pegasus spyware sold to governments by the Israeli NSO Group not only has access to the data stored locally on a smartphone, but can also be reported by the Financial Times also access the data stored in the cloud on Amazon, Apple, Facebook, Google or Microsoft.
For example, Pegasus is bought by governments so that intelligence agencies can access data from devices such as smartphones, whether they are Android or iOS devices. The NSO Group claims to sell Pegasus exclusively to responsible governments that want to use the software to prevent terrorist attacks and other crimes.
The Financial Times There is evidence from sales talks between the NSO Group and the government of Uganda that Pegasus can not only be used to read data from the local memory of a smartphone, but also to tap data from many large cloud providers. Affected are the servers or services of Amazon, Apple, Facebook, Google and Microsoft.
Spyware steals authentication keys
From the servers of the affected companies to Pegasus data such as the complete location data, archived messages and photos can be copied. Pegasus is to copy the authentication key of cloud services such as Google Drive, Facebook Messenger or iCloud from an infected smartphone and make it available to another server of the supervisor so that it can spend including the current location as the access-authorized smartphone. According to a sales document, this should work without triggering two-factor authentication or sending e-mail alerts for new logins.
Cloud providers investigate allegations
On the functioning of Pegasus addressed, Amazon explained that so far no evidence of access was found by the said software. Facebook said the company is investigating the allegations. Microsoft, in turn, said that it offers customers continuously improved protection. According to Apple, there are few very expensive tools to execute attacks on a small number of devices, but these tools are not suitable for large-scale attacks. The company added that it regularly provides updates for operating systems and security. Google declined to comment.
The NSO Group denies promoting hacker attacks or mass monitoring tools for cloud services, but does not explicitly deny that the company has developed these capabilities as described in the documents.