1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

WhatsApp spyware could also steal data from your Microsoft, Apple, Google, and Facebook...

By nanoguy · 16 replies
Jul 20, 2019
Post New Reply
  1. Earlier this year, news broke that a vulnerability in WhatsApp allowed a spyware tool to be injected into phones with a simple call that wouldn't need to be answered and also wouldn't leave any trace. The software was architected by a secretive Israeli firm called NSO Group, who is also behind the infamous Pegasus spyware, with a history of selling this kind of tools to governments and intelligence agencies.

    A new report from Financial Times says the very same company who was essentially selling the keys to our digital lives has been touting new capabilities for its flagship spyware tool Pegasus to potential buyers. Where previously it was only able to harvest data from the phone's storage, apparently it can now steal a user's data from various accounts made on Apple, Microsoft, Facebook, Amazon, and Google's cloud services.

    The spyware tool is said to have received a significant upgrade that allows it to access things like location history, archived messages, and other online data not synced on the phone. While it's not clear how exactly this is achieved, FT speculates that once Pegasus is on the target phone, it is able to essentially clone the authentication keys of services like Facebook Messenger and Google Drive and sync it with a surveillance server, where it can be then used to imitate the phone down to a tee, location included.

    This isn't as benign as the Bluetooth vulnerability that was recently disclosed by Boston University engineers. While that one has an easy fix, the vulnerability exploited by the latest Pegasus iteration appears to be related to authentication techniques that are widely used in the industry.

    NSO Group denied the accusations that it promoted mass surveillance tools, maintaining that its software is an important asset for responsible governments, but also didn't deny that Pegasus is able to extract data from cloud accounts.

    All five companies have so far offered generic statements that they're not aware of any breach and that they're continually working on security. Apple did acknowledge the existence of tools capable of targeting a "small number" of devices, but the company doesn't believe they can be used on a large scale. That said, it should worry companies like Microsoft, who make a significant portion of their revenue from cloud services.

    FT notes the documents they received offer a surprisingly simple fix to prevent Pegasus from being effective that only requires changing your app password.

    Permalink to story.

  2. Bullwinkle M

    Bullwinkle M TS Booster Posts: 145   +74

    This is AWESOME!

    Robocallers could send this to every cellphone on the planet with Ransomware and a Wiper

    Permanent access to everyones data...
    Paying ransom "may" give the owner temporary access to their own cloud data while the perps have permanent access, then just wipe the cloud data clean whether they pay or not and wash, rinse & repeat endlessly!

    This could be fun

    I'll get the popcorn
    Last edited: Jul 20, 2019
  3. psycros

    psycros TS Evangelist Posts: 2,778   +2,592

    At least this kind of spyware finally motivated lawmakers to start banning robocallers - their afraid of their own secrets getting out. AT&T and Verizon barely even lobbied against the bans this time because they already knew which way the wind was blowing. Now their acting like they needed legal authority to block these calls, which they never did.
    boxedquad likes this.
  4. Bullwinkle M

    Bullwinkle M TS Booster Posts: 145   +74

    But if they took over your cellphone 1st, it could be YOU making the next 10 calls to new victims

    or using stolen phone accounts, or fraudulent accounts, or hidden servers calling to cellphones, or calling you directly from the cloud servers they compromise, as in....... Malware directly from Sprint / AT&T etc
    Last edited: Jul 20, 2019
    boxedquad likes this.
  5. boxedquad

    boxedquad TS Rookie

    Have a banking account and token fob: by Symantec.VIP, to make each login special. Is this a good thing or is it also hackable?
  6. David Belkin

    David Belkin TS Enthusiast Posts: 51   +44

    Israeli spyware, no surprise.
    Israel along with the US was also responsible for infecting approx. 200.000 computers worldwide (wikipedia) with the stuxnet virus a few years ago, but as long as culprits are the US and Israel and targets are either Iran, Russia and China, the world somehow turns a blind eye.
    Markoni35 and JaredTheDragon like this.
  7. Adi6293

    Adi6293 TS Maniac Posts: 242   +217

    I can sense Anti Semitism in your post........HAHA just kidding, I've said this before, Jews can do whatever they want as they own the banks and most governments around the world......
    Markoni35 and JaredTheDragon like this.
  8. Capaill

    Capaill TS Evangelist Posts: 917   +505

    Plus they have nuclear weapons. And they have the US wrapped around their little finger.
    Markoni35 likes this.
  9. Adi6293

    Adi6293 TS Maniac Posts: 242   +217

    Yep they can have nukes but Iran cant
    Markoni35 likes this.
  10. Markoni35

    Markoni35 TS Addict Posts: 245   +113

    It's always the Israelis. Whenever there's some kind of nasty hacking, it's the Israelis. But that doesn't prevent the media from blaming everything on the North Koreans. "It must be Kim Yong". Nope, when it comes to nasty illegal and immoral hacking, it's always Israel.
  11. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,504   +5,067

    I've never used Whatsapp. So is there another application that allows this spyware tool to be injected?
  12. erickmendes

    erickmendes TS Evangelist Posts: 575   +247

    ... or you can keep harvesting data forever and selling it, just like Facebook and all others already do.
  13. lazer

    lazer TS Addict Posts: 249   +59

    Interesting how many commenters are anti Israel.....
  14. Capaill

    Capaill TS Evangelist Posts: 917   +505

    You seem to be correlating "anti Israel" with "hating Israel". It's not anti-Israel if the statements are correct. Or are you saying that the entire article is anti-Israel?

    There's nothing inherently wrong with Israel. Other than that it's a new country, created by a British land-grab in the 1940s, forcing many Arabs to move out and allowing many Jews to move in, and then enforced by huge military support from the US along with strong Israeli military aggression to suppress the anger and instability in the region created by the land grab. Other than that, it's a fine country that even managed to win the Eurovision.
  15. lazer

    lazer TS Addict Posts: 249   +59

    You are pretty confused. I commented on the comments not as you state on the article. Secondly there was NO BRITISH land grab. There was WWI and the Brits defeated the Turks and and tried to deal with the area while favoring the Arabs....

    Read some history books....
  16. Capaill

    Capaill TS Evangelist Posts: 917   +505

    Who's got time to read books. I checked Wikipedia and it summarised it as:
    "During World War I, the British government publicly committed to create a Jewish National Home and was granted a Mandate to rule Palestine by the League of Nations for this purpose. A rival Arab nationalism also claimed rights over the former Ottoman territories and sought to prevent Jewish migration into Palestine, leading to growing Arab–Jewish tensions. Israeli independence in 1948 was accompanied by an exodus of Arabs from Israel, the Arab–Israeli conflict and a subsequent Jewish exodus from Arab and Muslim countries to Israel."

    So, land was taken from Palestine by the British to create a place for Jews to live which eventually became Israel, which was not Palestine.
  17. mailpup

    mailpup TS Special Forces Posts: 7,412   +629

    Back on topic please.
    Capaill likes this.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...