Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack

An Israeli security firm claims it has developed a smartphone surveillance tool that can harvest not only a user's local data but also all their device's communications with cloud-based services provided by the likes of Apple, Google, Amazon, and Microsoft.

nso israeli surveillance firm
According to a report from the Financial Times [paywalled], the latest Pegasus spyware sold by NSO Group is being marketed to potential clients as a way to target data uploaded to the cloud. The tool is said to work on many of the latest iPhones and Android smartphones, and can continue to harvest data even after the tool is removed from the original mobile device.

The new technique is said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location.

This grants open-ended access to the cloud data of those apps without "prompting 2-step verification or warning email on target device", according to one sales document.

Attackers using the malware are said to be able to access a wealth of private information, including the full history of a target's location data and archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.

When questioned by the newspaper, NSO denied promoting hacking or mass-surveillance tools for cloud services, but didn't specifically deny that it had developed the capability described in the documents.

In response to the report, Apple told FT that its operating system was "the safest and most secure computing platform in the world. While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers." The company added that it regularly updates its operating system and security settings.

The news raises concerns that such spyware could be used by repressive regimes and other shady attackers to monitor members of the public. In May, for example, WhatsApp disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

Security researchers said that the spyware that took advantage of the WhatsApp flaw featured characteristics of the Pegasus spyware from NSO Group, which maintains that its software, costing millions of dollars, is only sold to responsible governments to help prevent terrorist attacks and criminal investigations.

However, the WhatsApp flaw was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

Generic iOS 18

Apple Announces iOS 18.2 Launching Today With These New Features

Wednesday December 11, 2024 5:23 am PST by
Apple has announced that iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 will be released today following more than six weeks of beta testing. For the iPhone 15 Pro and iPhone 16 models, the update introduces additional Apple Intelligence features, including Genmoji for creating custom emoji, Image Playground and Image Wand for generating images, and ChatGPT integration for Siri. There is also ...
Generic iOS 18

Apple Seeds Second Release Candidate Versions of iOS 18.2 and More With Genmoji, Image Playground and ChatGPT Integration

Monday December 9, 2024 10:06 am PST by
Apple today seeded the second release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS 15.2 updates to developers and public beta testers for testing purposes, a week after releasing the first RCs. The first iOS 18.2 RC had a build number of 22C150, while the second RC's build number is 22C151. Release candidates represent the final version of beta software that's expected to see a ...
iPhone SE 4 Single Camera Thumb 3

iPhone SE 4 Said to Feature 48MP Rear Lens, 12MP TrueDepth Camera

Monday December 9, 2024 4:48 am PST by
Apple's forthcoming iPhone SE 4 will feature a single 48-megapixel rear camera and a 12-megapixel TrueDepth camera on the front, according to details revealed in a new Korean supply chain report. ET News reports that Korea-based LG Innotek is the main supplier of the front and rear camera modules for the more budget-friendly ~$400 device, which is expected to launch in the first quarter of...
macOS Sequoia Night Feature

Apple Releases macOS Sequoia 15.2 With New Apple Intelligence Features

Wednesday December 11, 2024 10:02 am PST by
Apple today released macOS Sequoia 15.2, the second update to the macOS Sequoia operating system that was released in September. macOS Sequoia 15.2 comes over a month after the release of macOS Sequoia 15.1. Mac users can download the ‌macOS Sequoia‌ update through the Software Update section of System Settings. macOS Sequoia 15.2 adds Image Playground, an app that lets you create...
m4 mac mini hands on

Cloud-Based M4 and M4 Pro Mac Mini Models Now Available

Wednesday December 11, 2024 7:34 am PST by
Developers now have access to cloud-based M4 and M4 Pro Mac mini units via MacWeb, a Silicon Valley-based provider of cloud services. The company has launched three configurations of the new Mac mini, powered by Apple's M4 and M4 Pro chips. Developers and IT teams can rent these machines for tasks ranging from basic development to advanced artificial intelligence modeling, providing an...
maxresdefault

Apple Releases iOS 18.2 and iPadOS 18.2 With Genmoji, Image Playground, Siri ChatGPT and More

Wednesday December 11, 2024 10:03 am PST by
Apple today released iOS 18.2 and iPadOS 18.2, the second major updates to the iOS 18 and iPadOS 18 updates that came out in September. The new updates come over a month after Apple released iOS 18.1 and iPadOS 18.1. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...
Apple MacBook Pro M4 hero

MacBook Pros With OLED Displays Won't Have a Notch, Roadmap Shows

Monday December 9, 2024 7:36 am PST by
Apple plans to remove the notch from the MacBook Pro in a few years from now, according to a roadmap shared by research firm Omdia. The roadmap shows that 14-inch and 16-inch MacBook Pro models released in 2026 will have a hole-punch camera at the top of the display, instead of a notch. It is unclear if there would simply be a pinhole in the display, or if Apple would expand the iPhone's...

Top Rated Comments

Mactendo Avatar
71 months ago
As they are a company in a fairly western democracy, that will be regularly audited by both government and private regulators and accounting firms, the liklihood of what you're claiming is probably low.
Oh, please.
Score: 30 Votes (Like | Disagree)
thasan Avatar
71 months ago
their claims about selling it to only legitimate authorities are as filmsy as it gets.
i wonder who audits their claims
Score: 28 Votes (Like | Disagree)
Pbrutto Avatar
71 months ago
Not surprised, encryption of iCloud communication and storage has been a frequently mentioned topic. If Apple gets on full encryption, we would all be better off.

Also, can we talk about how Apple isn’t offering iCloud Mac backups yet? Think of how much $ they are leaving on the table. Actually, I’m shocked they aren’t ready for this yet, they would be raking in the cash from people upgrading their storage to do backups.
Score: 22 Votes (Like | Disagree)
Osamede Avatar
71 months ago
"Responsible governments."
Snowden revelations say they are all uniformly irresponsible when it comes to disrespect of privacy. So it’s all one big kabuki theatre then...
Score: 19 Votes (Like | Disagree)
Phil A. Avatar
71 months ago

If you use 'Documents in the cloud' then your Mac is effectively backed up already.
I'd have to disagree with that statement - while a synced copy of your documents on iCloud is better than nothing, it is definitely not a backup.

Firstly, Anything that isn't in the synced folders doesn't get copied over to iCloud

Secondly, I believe versions only exist for iWork documents so if you mess up any other kind of document or it gets encrypted by ransomware for example, that messed up copy will immediately sync to iCloud and any other device connected to it and if there are no versions stored then you have lost it

In my view, backups should be immutable and no sync service can replace a backup
Score: 16 Votes (Like | Disagree)
jayducharme Avatar
71 months ago
The cat-and-mouse game continues. There will be a market for this as long as governments don’t trust their citizens and citizens don’t trust their government.
Score: 14 Votes (Like | Disagree)