If you thought the WhatsApp hack by NSO Group early this year was worse, the Israeli company has now improved their spyware to do even more prying. In May, WhatsApp had a critical vulnerability that let attackers install Pegasus through a call that exposed civil rights activists and dissidents to hacking attempts. WhatsApp later issued a patch to close this loophole.
The spyware recently got upgraded to do even more spying. According to the Financial Times, Pegasus can now pry for users data if they use Microsoft, Amazon, Apple, Facebook and Google. The spyware now captures the full history of a user’s location data, photos and messages.
Once installed, Pegasus lifts off login credentials of the iCloud, Google Drive, Facebook’s Messenger. The spyware now gets access to all your data and frighteningly enough, no 2 step authentication is prompted to targetted users as the spyware steals the authentication tokens. The phone plus its location are mimicked under a separate server that then syncs all the data which it sends to surveillance operators.
If this is true, it's a pretty good way of gaining access to the user's cloud service — sure. Tokens are only set when an authentication has been completed by the user. Steal them and you've basically pwned the victim's entire account. It's also difficult to detect misuse. (4/)
— Zack Whittaker (@zackwhittaker) July 19, 2019
According to the Financial Times, no one knows who has been targetted by this updated spyware. However, it has been reported that Q-Cyber, NSO Group’s parent company tried to sell it to Uganda’s government.
NSO says that they sell the software to governments who it hopes will use it for good such as fighting crime and counter terrorist attacks. Worryingly, the same software has been found to be snoop on civil rights activists and journalists mainly in authoritarian states.
Worth noting, the company didn’t deny that they updated their spyware. Some of the tech giants are said to be investigating if their services have been compromised.
In a statement to The Next Web, Google said that they found no evidence of malpractice to users accounts or their systems.
This recent revelation now calls for the faster adoption of more secure methods especially FIDO2 certified ones such as passwordless logins to authenticate your online accounts especially since we’ve now moved to storing our personal information on the cloud.
Users online now want attention diverted from the FaceApp privacy concerns to focus on this recent and pretty huge revelation.
Imagine if this was an Iranian or Russian company… https://t.co/RHPXSAxUvD
— Matt Suiche (@msuiche) July 19, 2019