Israeli spyware claims to beat Apple's iCloud security

Posted:
in General Discussion edited July 19
NSO Group, which previously hacked WhatsApp, is advertising that it is able to gather all of an individual's cloud-hosted data from Apple, Google, Microsoft and more, using its Pegasus malware.

Apple's iCloud is one of many cloud services the NSO Group reportedly claims it can hack
Apple's iCloud is one of many cloud services the NSO Group reportedly claims it can hack


The Israeli company, NSO Group, has been telling its government customers that its Pegasus malware can now extract far more data about any given individual. As well as data on the person's smartphone, the claim is that the group can covertly retrieve all of the information that person has stored on servers owned by Apple, Google, Microsoft, Facebook and Amazon.

According to the Financial Times, that information includes all messages and photos, plus data concerning the entire history of the phone's location.

The NSO Group, whose software was recently used to hack WhatsApp, says that it develops this malware specifically for government use only.

"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," a spokesperson said.

The FT notes that the group did not deny the claims of these capabilities, and that separate research efforts have shown the presence of Pegasus malware on the phones of journalists and human rights activists. The newspaper's unnamed sources who described an NSO sales demonstration, also provided documentary evidence.

The documents include a sales one which says full access is provided to a person's data without "prompting a two-step verification or warning email on [the] target device."

Graphic from the Financial Times illustrating how the NSO Group's Pegasus software now works
Graphic from the Financial Times illustrating how the NSO Group's Pegasus software now works (Source: Financial Times)


This Pegasus malware must be installed on the phone, with what appears to require root access. If an assailant has root access, a user has problems beyond iCloud monitoring. Methods of penetration have been demonstrated previously..

Once it is loaded, however, it's believed that the Pegasus malware copies the login credentials used to access cloud storage. That information is then sent to the government or other organization using the malware, and they then have full access to that cloud storage.

According to sales documents, the system works with even the latest iPhones and Android phones.

Apple responded to reporters from the FT, saying that its iOS is "the safest and most secure computing platform in the world." Apple has managed to block previous versions of Pegasus, both on iOS and macOS.

"While some expensive tools may exist to perform targeted attacks on a very small number of devices," continued Apple, "we do not believe these are useful for widespread attacks against consumers."

Similarly, Microsoft said it is "continually evolving" its protections. Amazon and Microsoft say they're investigating.
«1

Comments

  • Reply 1 of 34
    Does this method require physical access to the device to install the Pegasus software? It sounds like that is the case, which makes the threat of most people’s data being compromised much lower. 
    minicoffeeAlexMorelloJFC_PAwatto_cobra
  • Reply 2 of 34
    GeorgeBMacGeorgeBMac Posts: 4,946member
    So, Israel admits spying on Americans.   What are the chances Trump will do anything about it?
    avon b7cincymacbloggerblogflyingdpdavenauxiohammeroftruthPetrolDavemuthuk_vanalingammagman1979
  • Reply 3 of 34
    DAalsethDAalseth Posts: 682member
    Carl Sagan said Extraordinary claims require extraordinary evidance. Any charlatan can claim something. Prove it.
    jahblademagman1979StrangeDaysAlexMorelloFileMakerFellerwatto_cobra
  • Reply 4 of 34
    Not that I have indepth knowledge of this new method, but pretty much all online services already detect for access collisions. I.E. If the phone tries to connect and the 3rd party tool are also connected, the server will dump both.
    magman1979chasmwatto_cobra
  • Reply 5 of 34
    gatorguygatorguy Posts: 20,894member
    So, Israel admits spying on Americans.   What are the chances Trump will do anything about it?
    The software is only sold to governments FWIW. Of course that would not preclude the French government from purchasing and  "spying" on an American or vice-versa. Of course the US wouldn't spy on a French citizen anyway... . 
    muthuk_vanalingam
  • Reply 6 of 34
    MacProMacPro Posts: 18,348member
    gatorguy said:
    So, Israel admits spying on Americans.   What are the chances Trump will do anything about it?
    The software is only sold to governments FWIW. Of course that would not preclude the French government from purchasing and  "spying" on an American or vice-versa. Of course the US wouldn't spy on a French citizen anyway... . 
    The French got hold of it the would even sell it to a NATO enemy in a heartbeat ...remember the Falklands?
    watto_cobra
  • Reply 7 of 34
    So this spyware only needs a physical access to the device and an admin password to work?
    Sounds like an old joke about viruses on Linux - they work if you find and install correct versions of all necessary libraries.
    cincymacracerhomie3magman1979AlexMorellowatto_cobra
  • Reply 8 of 34
    gatorguygatorguy Posts: 20,894member
    not_anton said:
    So this spyware only needs a physical access to the device and an admin password to work?
    Sounds like an old joke about viruses on Linux - they work if you find and install correct versions of all necessary libraries.
    I don't think it's been explained how the software gets installed on a target device. I've not read it requires physical access, tho some are guessing that must be needed. 

    At the same time it's pretty unlikely they have any interest in you, probably as likely as the CIA sending an operative to your home posing as your internet service provider.  
    edited July 19
  • Reply 9 of 34
    gatorguygatorguy Posts: 20,894member
    Interestingly Apple did comment  and does not deny the existence of the software, saying:
     “some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers.”
    muthuk_vanalingamjony0
  • Reply 10 of 34
    bloggerblogbloggerblog Posts: 1,863member
    When an individual does it he’ll get dragged through mud, get fined, and go to prison for decades. When Israel does it all governments and politicians STFU!!
    cornchipspace2001hammeroftruthPetrolDavemagman1979StrangeDaystoysandmeGeorgeBMac
  • Reply 11 of 34
    lkrupplkrupp Posts: 7,162member
    Isn’t the big question whether the Apple App Store review process would detect apps using this malware before allowing them to be offered to the public? Otherwise wouldn’t an iOS device need to be jailbroken in order to install this. How is this malware installed anyway? Then there is the prospect of Apple being forced to allow third party app stores. Wouldn’t that cause an explosion of malware on iOS?

    Lots of claims by this company that sound like marketing tropes and little evidence that they can do what they say they can do, at least on iOS anyway.
    watto_cobra
  • Reply 12 of 34
    rob53rob53 Posts: 2,074member
    So, Israel admits spying on Americans.   What are the chances Trump will do anything about it?
    You may not know this but Israel has been spying on the US for years. Just like every other country and we do the same thing. This is common knowledge. It used to be any contact with Israeli citizens or businesses required me to contact our security personnel. They were one of the many countries on the list. I assume they still are but that doesn't keep any of our government from dealing with them any time they want to without any ramifications. It's like dealing with Russia and North Korea. They do it until someone in power stops them.
    hammeroftruthPetrolDavemagman1979GeorgeBMacbadmonkwatto_cobra
  • Reply 13 of 34
    Does this method require physical access to the device to install the Pegasus software? It sounds like that is the case, which makes the threat of most people’s data being compromised much lower. 
    Is your question rhetorical or did you not read the article?  I ask because the physical access is addressed in the article.  Yes, it requires physical access (edit: on a second read, physical access seems to be implied, but not confirmed so that question is legit).  It's not a tool for mass data collection so most people being compromised is not an issue.  Also addressed in the article.  It's a tool sold to governments for targeted attacks. 

    Simple example of a targeted attack:
    Journo critical of a government enters that country to report on issue X.   At customs, journo's devices are taken for "inspection" by customs agents. 

    I'm sure we can all come up with any number of valid scenarios where governments around the world would have ability to gain physical access to a target's devices.  
    The larger problem is software and devices like this always, always, always make it into the hands of individuals with bad intent.  Sometimes it's the actual gov'ts.  Sometimes it some shady a-hole buying Cellebrite's tools off eBay.

    edited July 19 watto_cobra
  • Reply 14 of 34
    gatorguygatorguy Posts: 20,894member
    lkrupp said:
    Isn’t the big question whether the Apple App Store review process would detect apps using this malware before allowing them to be offered to the public? Otherwise wouldn’t an iOS device need to be jailbroken in order to install this. How is this malware installed anyway? Then there is the prospect of Apple being forced to allow third party app stores. Wouldn’t that cause an explosion of malware on iOS?

    Lots of claims by this company that sound like marketing tropes and little evidence that they can do what they say they can do, at least on iOS anyway.
    Apple acknowledges that it exists so it's not "made up",  but it's not something consumers should be concerned with. It's for very targeted government-sanctioned investigations of specific individuals who a government has reason to believe is significantly dangerous to either that government or it's citizens. 

    Apple can't close every security hole, but they do a darn good job of securing Apple devices against things most folks should have any concern with. This in not one of those things. 
    edited July 19 muthuk_vanalingamFileMakerFeller
  • Reply 15 of 34
    mike1mike1 Posts: 1,910member
    So, Israel admits spying on Americans.   What are the chances Trump will do anything about it?
    Nothing in the article stated that they only sold the software to the Israeli government. It could have been written poorly, but I got the impression that they would sell to many different governments.
    edited July 19 gatorguywatto_cobra
  • Reply 16 of 34
    robin huberrobin huber Posts: 3,275member
    Legalized ransom ware. “We know how to hack you; pay us to learn how.”
    watto_cobra
  • Reply 17 of 34
    seanismorrisseanismorris Posts: 1,015member
    First thought, this software is intended to be an attack on “freedom of the press” or “dissidents”.

    Any time your phone leaves your possession you’re vulnerable.  The simplest way is if you go through a border or customs, if you’re required to give up your password or unlock your device you’re SOL.

    You could bring a “burner” phone or phone set up with a dummy account.  After getting to your destination, you’d need to wipe the device and set it up properly.  

    Technically, someone could physically modify your device if it leaves your possession but it would be difficult to do so...

    After doing your business, and uploading everything to iCloud, one drive, etc. you’d need to wipe the device before going back through customs.

    Some country’s forbid or block the use of VPNs (etc.) so downloading the software at your destination would be a problem...

    This (and other tools) is 1984 made easy/cheap, but the bigger problem is when these tools become available to every petty criminal... and they inevitably will.  It wouldn’t be that difficult to weaponize this tools inside Apps that users install inadvertently...

    Remember, a “free” App isn’t free.  The FaceApp that’s making rounds in the news is just the tip of the iceberg, and that’s only getting attention because of its Russian origin.  If it was from Israel (etc) would it get flagged?
    beowulfschmidtwatto_cobra
  • Reply 18 of 34
    This Pegasus malware must be installed on the phone, with what appears to require root access.”

    As far as know, root access can only be gained by jailbraking. So not possible to install from App Store.
    watto_cobra
  • Reply 19 of 34
    gatorguygatorguy Posts: 20,894member
    ”This Pegasus malware must be installed on the phone, with what appears to require root access.”

    As far as know, root access can only be gained by jailbraking. So not possible to install from App Store.
    "Appears to" leaves an open unanswered question, an assumption as it were. That's not the same as "requires".
    FileMakerFeller
  • Reply 20 of 34
    Just another good reason to boycott Israeli products. What would be the consequences of selling such technology to governments which don't give a damn about freedom of speech or basic human rights? Imagine such tech in the hands of government agencies like Smersh, MI5 or 6, KGB, Gestapo, NKVD-KGB, Stasi, NSA, CIA, Shin Bet, et al…it is almost too horrific to contemplate the powers such invasive surveillance services would bring. Not yet fully comprehended are the racist, sexist, misogynistic and socially destabilising words uttered by Trump and echoed menacingly by his followers just recently.
    shunting123hammeroftruthwatto_cobra
Sign In or Register to comment.