Israeli firm NSO Group has reportedly developed a new spyware tool able to harvest data both from iOS devices and their connected cloud accounts.
The tool, called Pegasus, also works with Android devices. The data it is able to gather even reportedly includes encrypted messages from third-party apps. It does this by fraudulently posing as the user to download their private content.
According to the Financial Times, the tool is able to capture a “much greater trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photo.”
A tool for governments
It’s being sold as an assistive tool for governments to use for criminal investigations. This is something which previously caused a standoff between Apple and the FBI. The incident occurred after Apple refused to help unlock the iPhone of a suspected terrorist.
The tool can be used regardless of 2-factor login, and does not trigger the sending of a warning message to users. This means that it could be used on people without their knowledge.
Apple has not denied that the tool exists. It told the Financial Times that, “some expensive tools may exist to perform targeted attacks on a very small number of devices.” However, it said that, “we do not believe these are useful for widespread attacks against consumers.”
Researchers at Citizen Lab suggest that NSO tools have been used by at least 45 countries. This includes both the U.S. and U.K. The firm was previously behind a WhatsApp exploit we wrote about back in May.