The Israeli firm behind software used to hack WhatsApp boasted that it can scrape data from Amazon, Apple, Facebook, Google, and Microsoft cloud servers
- NSO Group, the Israeli security firm whose Pegasus malware was used in a WhatsApp hack in May, has boasted it can break into the cloud services of big tech companies, according to the Financial Times.
- The FT reviewed sales documents from NSO which said its new system could obtain a target's entire location data history, archived messages, and photos.
- The cloud services of Apple, Google, Facebook, Amazon and Microsoft were all referenced as being vulnerable in the FT report. Some are investigating the issue.
- "We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT.
- Visit Business Insider's homepage for more stories.
The company behind a WhatsApp hack has been boasting that it can break into the cloud services of big tech companies, including Amazon, Apple, Facebook, Google, and Microsoft, the Financial Times reports.
The Israeli security firm NSO group is infamous for its malware, Pegasus, which the FT said in May had been used to hack the phones of human rights activists using just a single WhatsApp call. The malware could make its way onto the target's phone, even if they didn't pick up.
Now NSO has been telling potential clients Pegasus has been developed to target cloud servers, according to people familiar with the sales pitch and documents shared with the FT. NSO reportedly said in its pitch that, by hacking into these servers, it could access someone's entire location data history, archived messages, and photos.
According to the sales documents viewed by the FT, the method involves copying authentication keys for services like Google Drive, Facebook Messenger and iCloud, from a targeted phone. Once this is done, a separate server can then impersonate the device without alerting the real owner.
The document said that even if the malware is removed from the device, attackers could still have unlimited access to data uploaded to the cloud, the FT reported.
"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT. However, the FT said it did not explicitly deny having developed the capabilities described in the reviewed documents.
NSO did not immediately respond to Business Insider's request for comment.
Some of the big tech companies mentioned in the report are now conducting investigations.
"We have no evidence that Amazon corporate systems, including customer accounts, have been accessed by the software product in question. We take customer privacy and security extremely seriously, and will continue to investigate and monitor the issue," an Amazon spokesman told Business Insider.
Facebook added: "Protecting the security of people's accounts is a top priority. We are reviewing these claims."
Microsoft told the FT its security technology was "continually evolving." Apple told the newspaper that its operating system is "the safest and most secure computing platform in the world."
"While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers," Apple added.
Google declined to comment when contacted by the FT.
Apple, Google, and Microsoft were not immediately available for comment when contacted by Business Insider.
Receive a single WhatsApp every morning with all our latest news: click here.
Also from Business Insider South Africa:
- One of the world's biggest companies wants to buy a local food giant – here's what it will mean for South Africans
- Antarctica is melting so fast that scientists are proposing shooting artificial snow out of cannons to slow it down
- R24 billion later, Pepsi could finally have a fighting chance against Coke in South Africa – and maybe we’ll get Funyuns too
- WATCH: A new South African safe survives explosions
- You can save thousands by making the new rate cut work harder for you - here's how
- Trump officials are reportedly dismantling the post-9/11 programmes meant to prevent nuclear and biological weapons attacks against the US
- A psychologist explains why everyone is obsessed with a new viral app that shows what you'll look like when you're old
- A panelbeater in Brazil got busted for building knock-off Lamborghinis and Ferraris that look surprisingly real.
- The Gautrain wants to use levies paid by people across South Africa – such as vehicle registration fees – to fund much of its huge planned expansion