Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack

An Israeli security firm claims it has developed a smartphone surveillance tool that can harvest not only a user's local data but also all their device's communications with cloud-based services provided by the likes of Apple, Google, Amazon, and Microsoft.

nso israeli surveillance firm
According to a report from the Financial Times [paywalled], the latest Pegasus spyware sold by NSO Group is being marketed to potential clients as a way to target data uploaded to the cloud. The tool is said to work on many of the latest iPhones and Android smartphones, and can continue to harvest data even after the tool is removed from the original mobile device.

The new technique is said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location.

This grants open-ended access to the cloud data of those apps without "prompting 2-step verification or warning email on target device", according to one sales document.

Attackers using the malware are said to be able to access a wealth of private information, including the full history of a target's location data and archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.

When questioned by the newspaper, NSO denied promoting hacking or mass-surveillance tools for cloud services, but didn't specifically deny that it had developed the capability described in the documents.

In response to the report, Apple told FT that its operating system was "the safest and most secure computing platform in the world. While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers." The company added that it regularly updates its operating system and security settings.

The news raises concerns that such spyware could be used by repressive regimes and other shady attackers to monitor members of the public. In May, for example, WhatsApp disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

Security researchers said that the spyware that took advantage of the WhatsApp flaw featured characteristics of the Pegasus spyware from NSO Group, which maintains that its software, costing millions of dollars, is only sold to responsible governments to help prevent terrorist attacks and criminal investigations.

However, the WhatsApp flaw was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

Tim Cook Rainbow

Apple Event in October? Here's What to Expect

Monday September 29, 2025 9:31 am PDT by
Apple's annual iPhone event is in the rearview mirror, but rumors suggest the company plans to release a handful of additional products before the year ends. Will there be another Apple event this October? We discuss the possibility below. Apple in October Apple's most recent October events were in 2021 and 2023. In 2022 and 2024, Apple did not host an October event. Instead, it...
Home Hub Command Center with Dome Base Feature

Apple Working on All-New Operating System

Thursday September 25, 2025 1:11 pm PDT by
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman. Apple smart home hub concept based on rumors This is likely Apple's long-rumored "homeOS" operating system. In a report last month, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform ...
apple wallet drivers license feature iPhone 15 pro teal 1

Apple's iPhone Driver's License Feature Now Available in 11 U.S. States

Tuesday September 30, 2025 6:40 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Apple recently revealed that the feature would soon be available in North Dakota, and starting today, the feature has officially gone...
maxresdefault

New iPad Pro With M5 Chip Leaked in Unboxing Video

Tuesday September 30, 2025 8:39 am PDT by
An apparent unboxing video for an unannounced iPad Pro with the M5 chip was uploaded to YouTube today by Russian channel Wylsacom. The same YouTube account leaked the 14-inch MacBook Pro with the M4 chip before it was announced by Apple last year, so this is likely a legitimate leak. Based on the box shown in the video, this appears to be a 13-inch iPad Pro with an M5 chip, 256GB of...
Apple MacBook Pro M4 hero

New MacBook Pro Nears Mass Production, But Four Bigger Upgrades Expected Next Year

Sunday September 28, 2025 2:08 pm PDT by
Apple's next MacBook Pro models will enter mass production soon, according to the latest information shared by Bloomberg's Mark Gurman. In his Power On newsletter today, Gurman said he continues to believe the new MacBook Pro models will be released at some point between late 2025 and the first quarter of 2026, meaning they should be available to order by March at the latest. Apple often...
iOS 26

Apple Releases iOS 26.0.1 With Fixes for Wi-Fi, Cellular, and Camera Issues on iPhone 17 Models

Monday September 29, 2025 10:12 am PDT by
Apple today released iOS 26.0.1 and iPadOS 26.0.1, the first updates to the iOS 26 and iPadOS 26 operating systems that came out earlier this week. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release notes for the update, iOS 26.0.1 addresses a bug that could cause aberrations in...
fcc vision pro leak

FCC Accidentally Leaks Apple's Next Vision Pro

Tuesday September 30, 2025 3:48 pm PDT by
The United States Federal Communications Commission (FCC) has seemingly confirmed Apple's work on an updated version of the Vision Pro headset. One of several documents the FCC shared today references an Apple-designed "Head Mounted Device" with a model number of A3416. An included image confirms the device is a Vision Pro. The FCC's uploads are transmission tests, SAR test reports, and...
iOS 26

Apple Continues to Prepare iOS 26.0.1 With Multiple Bug Fixes Expected

Sunday September 28, 2025 1:30 pm PDT by
Apple is preparing to release iOS 26.0.1, according to a private account on X with a proven track record of sharing information about future iOS versions. The account initially said iOS 26.0.1 would have a build number of 23A350, but they now expect the update to have a build number of 23A355. This suggests that the software update will include more bug fixes or changes than initially...
macbook pro prime day 2025

FCC Leaks Upcoming MacBook Pro and More

Tuesday September 30, 2025 1:58 pm PDT by
The United States Federal Communications Commission has confirmed Apple's work on a new version of the MacBook Pro and several other products, leaking details on the devices ahead of launch. The FCC published documents that reference model numbers that do not correspond with existing devices. A3434, for example, references an unreleased MacBook Pro, while other numbers are likely for...
ipad mini 7 feature blue

iPad Mini 8 Rumors: Everything We Know So Far

Monday September 29, 2025 8:55 am PDT by
Apple's eighth-generation iPad mini is likely to arrive next year, so here's what to expect. The current iPad mini came out in 2024, with the main upgrade over the previous version being the A17 Pro chip and Apple Intelligence support. The previous generation introduced a complete redesign and the A15 Bionic chip. In August, Apple mistakenly shared code that revealed key information about ...

Top Rated Comments

Mactendo Avatar
81 months ago
As they are a company in a fairly western democracy, that will be regularly audited by both government and private regulators and accounting firms, the liklihood of what you're claiming is probably low.
Oh, please.
Score: 30 Votes (Like | Disagree)
thasan Avatar
81 months ago
their claims about selling it to only legitimate authorities are as filmsy as it gets.
i wonder who audits their claims
Score: 28 Votes (Like | Disagree)
Pbrutto Avatar
81 months ago
Not surprised, encryption of iCloud communication and storage has been a frequently mentioned topic. If Apple gets on full encryption, we would all be better off.

Also, can we talk about how Apple isn’t offering iCloud Mac backups yet? Think of how much $ they are leaving on the table. Actually, I’m shocked they aren’t ready for this yet, they would be raking in the cash from people upgrading their storage to do backups.
Score: 22 Votes (Like | Disagree)
Osamede Avatar
81 months ago
"Responsible governments."
Snowden revelations say they are all uniformly irresponsible when it comes to disrespect of privacy. So it’s all one big kabuki theatre then...
Score: 19 Votes (Like | Disagree)
Phil A. Avatar
81 months ago

If you use 'Documents in the cloud' then your Mac is effectively backed up already.
I'd have to disagree with that statement - while a synced copy of your documents on iCloud is better than nothing, it is definitely not a backup.

Firstly, Anything that isn't in the synced folders doesn't get copied over to iCloud

Secondly, I believe versions only exist for iWork documents so if you mess up any other kind of document or it gets encrypted by ransomware for example, that messed up copy will immediately sync to iCloud and any other device connected to it and if there are no versions stored then you have lost it

In my view, backups should be immutable and no sync service can replace a backup
Score: 16 Votes (Like | Disagree)
jayducharme Avatar
81 months ago
The cat-and-mouse game continues. There will be a market for this as long as governments don’t trust their citizens and citizens don’t trust their government.
Score: 14 Votes (Like | Disagree)