This tool can steal data from iCloud, Google Drive
An Israeli company, by the name of NSO Group, is selling a dangerous hacking tool, one that can be used to mine your personal files from Google Drive and iCloud.
It is an updated version of Pegasus, the program that was developed to break through the locks of iOS and Android devices.
Here's everything about it.
Pegasus can mine every bit of information on Android/iOS phones
Being one of NSO Group's most powerful hacking tools, Pegasus mines every bit of information from a smartphone, starting from messages and contacts to location/call history, photos, and videos.
It can sneak into phones via SMS links and is being sold for millions of dollars to governments and intelligence agencies looking to break into phones of potential suspects.
Now, it's been improved to hack into iCloud, Google Drive
Now, in a recent report, Financial Times revealed that Pegasus has been updated to steal data from Apple and Google's cloud services - iCloud and Google Drive.
And, not just that; it can even be used to hack into the servers of Amazon, Facebook, and Microsoft or to steal photos, messages, and locations from third-party services, the outlet claimed.
How it breaks through Google and Apple's security
As per FT, the spyware copies the authentication keys of iCloud, Google Drive, and other services through an infected device.
Then, it uses these keys to impersonate the phone on a separate server and open the gate to access all the data stored on the targeted services.
Notably, it works without even generating the prompt for two-step verification.
Should you worry about this?
While this tool is scary, there's a little-to-no chance that a hacker would get a multi-million dollar hacking tool just to break into your or your friend's iCloud.
An Apple spokesperson reiterated the same, noting "some expensive tools may exist to perform targeted attacks on a very small number of devices, [but] we do not believe these are useful for widespread attacks against consumers."
NSO Group was also behind WhatsApp malware
To recall, NSO Group, the company behind this tool, was also accused of developing the WhatsApp spyware that exploited an existing vulnerability in the messaging app for surveillance and spread it via simple voice calls.