+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The Israeli firm behind software used to hack WhatsApp boasted that it can scrape data from Amazon, Apple, Facebook, Google, and Microsoft cloud servers

Jul 19, 2019, 15:49 IST

This Wednesday, Feb. 19, 2014 photo, shows the WhatsApp and Facebook app icons on an iPhone in New York. On Wednesday Facebook announced it is buying mobile messaging service WhatsApp for up to $19 billion in cash and stock.Karly Domb Sadof/AP

Advertisement
  • NSO Group, the Israeli security firm whose Pegasus malware was used in a WhatsApp hack in May, has boasted it can break into the cloud services of big tech companies, according to the Financial Times.
  • The FT reviewed sales documents from NSO which said its new system could obtain a target's entire location data history, archived messages, and photos.
  • The cloud services of Apple, Google, Facebook, Amazon and Microsoft were all referenced as being vulnerable in the FT report. Some are investigating the issue.
  • "We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT.
  • Visit Business Insider's homepage for more stories.

The company behind a WhatsApp hack has been boasting that it can break into the cloud services of big tech companies, including Amazon, Apple, Facebook, Google, and Microsoft, the Financial Times reports.

The Israeli security firm NSO group is infamous for its malware, Pegasus, which the FT said in May had been used to hack the phones of human rights activists using just a single WhatsApp call. The malware could make its way onto the target's phone, even if they didn't pick up.

Now NSO has been telling potential clients Pegasus has been developed to target cloud servers, according to people familiar with the sales pitch and documents shared with the FT. NSO reportedly said in its pitch that, by hacking into these servers, it could access someone's entire location data history, archived messages, and photos.

According to the sales documents viewed by the FT, the method involves copying authentication keys for services like Google Drive, Facebook Messenger and iCloud, from a targeted phone. Once this is done, a separate server can then impersonate the device without alerting the real owner.

Advertisement

The document said that even if the malware is removed from the device, attackers could still have unlimited access to data uploaded to the cloud, the FT reported.

Read more: Meet the shadowy security firm from Israel whose technology is believed to be at the heart of the massive WhatsApp hack

"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT. However, the FT said it did not explicitly deny having developed the capabilities described in the reviewed documents.

NSO did not immediately respond to Business Insider's request for comment.

Some of the big tech companies mentioned in the report are now conducting investigations.

Advertisement

"We have no evidence that Amazon corporate systems, including customer accounts, have been accessed by the software product in question. We take customer privacy and security extremely seriously, and will continue to investigate and monitor the issue," an Amazon spokesman told Business Insider.

Facebook added: "Protecting the security of people's accounts is a top priority. We are reviewing these claims."

Microsoft told the FT its security technology was "continually evolving." Apple told the newspaper that its operating system is "the safest and most secure computing platform in the world."

"While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers," Apple added.

Google declined to comment when contacted by the FT.

Advertisement

Apple, Google, and Microsoft were not immediately available for comment when contacted by Business Insider.

NOW WATCH: Why Apple's Mac Pro 'trash can' was a colossal failure

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article