WhatsApp spyware could also steal data from your Microsoft, Apple, Google, and Facebook...

nanoguy

TS Addict
Staff member

Earlier this year, news broke that a vulnerability in WhatsApp allowed a spyware tool to be injected into phones with a simple call that wouldn't need to be answered and also wouldn't leave any trace. The software was architected by a secretive Israeli firm called NSO Group, who is also behind the infamous Pegasus spyware, with a history of selling this kind of tools to governments and intelligence agencies.

A new report from Financial Times says the very same company who was essentially selling the keys to our digital lives has been touting new capabilities for its flagship spyware tool Pegasus to potential buyers. Where previously it was only able to harvest data from the phone's storage, apparently it can now steal a user's data from various accounts made on Apple, Microsoft, Facebook, Amazon, and Google's cloud services.

The spyware tool is said to have received a significant upgrade that allows it to access things like location history, archived messages, and other online data not synced on the phone. While it's not clear how exactly this is achieved, FT speculates that once Pegasus is on the target phone, it is able to essentially clone the authentication keys of services like Facebook Messenger and Google Drive and sync it with a surveillance server, where it can be then used to imitate the phone down to a tee, location included.

This isn't as benign as the Bluetooth vulnerability that was recently disclosed by Boston University engineers. While that one has an easy fix, the vulnerability exploited by the latest Pegasus iteration appears to be related to authentication techniques that are widely used in the industry.

NSO Group denied the accusations that it promoted mass surveillance tools, maintaining that its software is an important asset for responsible governments, but also didn't deny that Pegasus is able to extract data from cloud accounts.

All five companies have so far offered generic statements that they're not aware of any breach and that they're continually working on security. Apple did acknowledge the existence of tools capable of targeting a "small number" of devices, but the company doesn't believe they can be used on a large scale. That said, it should worry companies like Microsoft, who make a significant portion of their revenue from cloud services.

FT notes the documents they received offer a surprisingly simple fix to prevent Pegasus from being effective that only requires changing your app password.

Permalink to story.

 

Bullwinkle M

TS Addict
This is AWESOME!

Robocallers could send this to every cellphone on the planet with Ransomware and a Wiper

Permanent access to everyones data...
Paying ransom "may" give the owner temporary access to their own cloud data while the perps have permanent access, then just wipe the cloud data clean whether they pay or not and wash, rinse & repeat endlessly!

This could be fun

I'll get the popcorn
 
Last edited:

psycros

TS Evangelist
At least this kind of spyware finally motivated lawmakers to start banning robocallers - their afraid of their own secrets getting out. AT&T and Verizon barely even lobbied against the bans this time because they already knew which way the wind was blowing. Now their acting like they needed legal authority to block these calls, which they never did.
 
  • Like
Reactions: boxedquad

Bullwinkle M

TS Addict
At least this kind of spyware finally motivated lawmakers to start banning robocallers - their afraid of their own secrets getting out. AT&T and Verizon barely even lobbied against the bans this time because they already knew which way the wind was blowing. Now their acting like they needed legal authority to block these calls, which they never did.
But if they took over your cellphone 1st, it could be YOU making the next 10 calls to new victims

or using stolen phone accounts, or fraudulent accounts, or hidden servers calling to cellphones, or calling you directly from the cloud servers they compromise, as in....... Malware directly from Sprint / AT&T etc
 
Last edited:
  • Like
Reactions: boxedquad

boxedquad

TS Rookie
Have a banking account and token fob: by Symantec.VIP, to make each login special. Is this a good thing or is it also hackable?
 

David Belkin

TS Enthusiast
Israeli spyware, no surprise.
Israel along with the US was also responsible for infecting approx. 200.000 computers worldwide (wikipedia) with the stuxnet virus a few years ago, but as long as culprits are the US and Israel and targets are either Iran, Russia and China, the world somehow turns a blind eye.
 

Adi6293

TS Guru
Israeli spyware, no surprise.
Israel along with the US was also responsible for infecting approx. 200.000 computers worldwide (wikipedia) with the stuxnet virus a few years ago, but as long as culprits are the US and Israel and targets are either Iran, Russia and China, the world somehow turns a blind eye.
I can sense Anti Semitism in your post........HAHA just kidding, I've said this before, Jews can do whatever they want as they own the banks and most governments around the world......
 

Capaill

TS Evangelist
I can sense Anti Semitism in your post........HAHA just kidding, I've said this before, Jews can do whatever they want as they own the banks and most governments around the world......
Plus they have nuclear weapons. And they have the US wrapped around their little finger.
 
  • Like
Reactions: Markoni35

Markoni35

TS Maniac
It's always the Israelis. Whenever there's some kind of nasty hacking, it's the Israelis. But that doesn't prevent the media from blaming everything on the North Koreans. "It must be Kim Yong". Nope, when it comes to nasty illegal and immoral hacking, it's always Israel.
 

erickmendes

TS Evangelist
This is AWESOME!

Robocallers could send this to every cellphone on the planet with Ransomware and a Wiper

Permanent access to everyones data...
Paying ransom "may" give the owner temporary access to their own cloud data while the perps have permanent access, then just wipe the cloud data clean whether they pay or not and wash, rinse & repeat endlessly!

This could be fun

I'll get the popcorn

... or you can keep harvesting data forever and selling it, just like Facebook and all others already do.
 

Capaill

TS Evangelist
Interesting how many commenters are anti Israel.....
You seem to be correlating "anti Israel" with "hating Israel". It's not anti-Israel if the statements are correct. Or are you saying that the entire article is anti-Israel?

There's nothing inherently wrong with Israel. Other than that it's a new country, created by a British land-grab in the 1940s, forcing many Arabs to move out and allowing many Jews to move in, and then enforced by huge military support from the US along with strong Israeli military aggression to suppress the anger and instability in the region created by the land grab. Other than that, it's a fine country that even managed to win the Eurovision.
 

lazer

TS Addict
You seem to be correlating "anti Israel" with "hating Israel". It's not anti-Israel if the statements are correct. Or are you saying that the entire article is anti-Israel?

There's nothing inherently wrong with Israel. Other than that it's a new country, created by a British land-grab in the 1940s, forcing many Arabs to move out and allowing many Jews to move in, and then enforced by huge military support from the US along with strong Israeli military aggression to suppress the anger and instability in the region created by the land grab. Other than that, it's a fine country that even managed to win the Eurovision.
You are pretty confused. I commented on the comments not as you state on the article. Secondly there was NO BRITISH land grab. There was WWI and the Brits defeated the Turks and and tried to deal with the area while favoring the Arabs....

Read some history books....
 

Capaill

TS Evangelist
You are pretty confused. I commented on the comments not as you state on the article. Secondly there was NO BRITISH land grab. There was WWI and the Brits defeated the Turks and and tried to deal with the area while favoring the Arabs....

Read some history books....
Who's got time to read books. I checked Wikipedia and it summarised it as:
"During World War I, the British government publicly committed to create a Jewish National Home and was granted a Mandate to rule Palestine by the League of Nations for this purpose. A rival Arab nationalism also claimed rights over the former Ottoman territories and sought to prevent Jewish migration into Palestine, leading to growing Arab–Jewish tensions. Israeli independence in 1948 was accompanied by an exodus of Arabs from Israel, the Arab–Israeli conflict and a subsequent Jewish exodus from Arab and Muslim countries to Israel."

So, land was taken from Palestine by the British to create a place for Jews to live which eventually became Israel, which was not Palestine.