Pegasus, the spyware developed by the Israeli company NSO Group, would still be able to infect the iPhone. Apple had connected old flaws exploited by Pegasus, but according to Financial Times, NSO is now urging its ability to investigate cloud. Recently used to attack WhatsApp, Pegasus could discreetly collect data stored on Apple, Google, Facebook, Amazon and Microsoft servers.
NSO denies "Promoting piracy and mass surveillance tools for cloud services." But it does not formally deny the information of the Financial Times, which explains the reception of documents describing Pegasus and information on presentations organized by NSO. Pegasus, considered by the Israeli government as "A & # 39; weapon", is sold to security and espionage services worldwide as a tool "To prevent crime and terrorism".
But the pirated versions circulate on the web and the researchers found it on the phones of journalists and activists. There is every reason to believe that authoritarian governments have access to Pegasus, and that more democratic governments no longer hesitate to use it outside the rigorous framework of counter-terrorism. Now from an infected phone, the spyware is now able to copy the authentication keys for the main online services and bypass the double authentication systems.
A remote server can therefore pretend to be the phone, not only to recover all the stored data, but to maintain the connection to intercept any data added later and take advantage of the device's localization tools. All iPhones and all Android smartphones, even the most recent, are vulnerable. Worse yet: even if Pegasus is removed, NSO holds a hand, since it has recovered the keys.
Google has not commented on this information. Facebook claims to have found no evidence of a Pegasus connection to its servers "Study these accusations"and Microsoft invites its customers to pay attention to the security of their devices. Apple finally explains it "While there are some very expensive tools to conduct targeted attacks against a small number of devices, we don't believe they are used to making massive attacks".
Microsoft as Apple promises to link all the defects that could be used by Pegasus. Meanwhile, the only known parade is childishly simple, changing the passwords to access the services you use. The Israeli and Cypriot governments have sued the NSO, accusing it of offering its services to the most repressive regimes on the planet.