Report: Israeli surveillance tool can silently collect all iCloud data for a targeted user
Added 07-19-19 05:31:01am EST - “Apple is facing a new security threat thanks to developments in the spyware/surveillance tool sold by the Israeli firm NSO Group. Via the Financial Times, the Pegasus phone software now not only harvests data from the user's onboard…” - 9to5mac.com
CLICK TO SHARE
Apple is facing a new security threat thanks to developments in the spyware/surveillance tool sold by the Israeli firm NSO Group. Via the Financial Times, the Pegasus phone software now not only harvests data from the user’s onboard storage, but also all communications with the connected cloud.
The vulnerability purportedly affects the iPhone and Apple’s iCloud as well as Google Android phones, and even third-party apps installed on the phone that communicate over ‘encrypted and secure’ connections.
The spyware is sold by NSO Group is supposedly only sold to governments to assist with crime investigations, but there are fears that the Pegasus spyware is also used by countries to help enforce authoritarian and dictatorship leadership.
The new version of the Pegasus software is supposedly able to capture and clone the authentication tokens used for services like iCloud. Then, it can essentially construct a man-in-the-middle attack to pretend to be the target user’s device, and download whatever data it pleases from the origin server by making requests that seem to be coming from the origin phone.
It could impersonate the user’s Facebook credentials and download location history, or get messages stored in iCloud for example.
Post a comment.
CLICK TO SHARE