Israeli Company Claims That It Can Gather An Individual’s Cloud-Hosted Data From Apple, Google, Microsoft & More

Israel based NSO Group is making noise today by making some stunning claims. The Financial Times has details, but let me boil it down for you. In short this company has been telling its government customers that its Pegasus malware can now extract far more data about any given individual. Specifically, it can snag data on the person’s smartphone, as well as covertly retrieve all of the information that person has stored on servers owned by Apple, Google, Microsoft, Facebook and Amazon. This is a stunning revelation, assuming that this is true of course. Which it could be because this is the same group who hacked WhatsApp back in May. That forced an emergency patch to be issued by Facebook who owns WhatsApp.

Now both Apple, Amazon and Microsoft have put out statements saying they’re investigating this threat. And the word on the street is that Apple has blocked previous versions of this malware before. So this may be either a non-factor very quickly. or it might be the start of a game of cat and mouse that has users of these devices in the middle.

UPDATE: Mike Beck, Global Head of Threat Analysis for Darktrace reached out to me with this comment:

“This news highlights the reality of the cyber arms industry – private organisations, of which NSO is one example, are developing and selling spyware which is then often used by government agencies to catch sophisticated criminals. It stands to reason that national governments who are not equipped with large national intelligence budgets will look to the private sector to provide this capability.

However, if private sector companies are authorised to develop cyber weapons, outside of the accountability of government institutions, there are concerns about how these tools can be used. In the wrong hands, we could see this malware used to collect intelligence on average citizens and even used against nation-states, as part of cyber-warfare.

As the world’s attitude towards cyber-security matures, we can expect international law to control the use of these weapons. Meanwhile the likes of Apple, Google and Facebook will need to demonstrate that they can identify security threats and intervene rapidly, before user data is breached. AI will be a necessary ally to achieve this, given the complexity of today’s threat landscape, and the volume and diversity of the data systems that require protecting.”




Leave a Reply

%d bloggers like this: