NSO Group’s Pegasus Software Snoops on iOS Without Being Noticed

by

July 23, 2019

This is some spooky stuff.

The Financial Times is reporting that Israeli firm NSO Group has developed software that can not only collect data from an iPhone user’s physical device abut also collect all communication between it and the cloud. There’s even a version that works on Android devices.

It can even snoop on third-party apps that communicate via encrypted connections.

According to the report NSO Group only sells to governments to assist with criminal investigations, but there are some concerns more authoritarian parties might be using it to spy on all of their citizens who use IoT devices that run iOS or Android.

How’s it work?

Again, according to the report, the Pegasus software is able to capture and clone authentication tokens used for things like iCloud and then introduce a man in the middle attack that allows it to pretend to be the device in question and download whatever the heck it wants.

Facebook, Instagram, your banking app, anything is open game to Pegasus.

Apple’s official response regarding Pegasus is pretty dismissive. In a statement to the Financial Times acknowledged the existence of some very expensive tools that do some of the things Pegasus can do but that they’re all that useful for widespread attacks.

Some background on NSO Group

NSO Group does have a pedigree when it comes to infiltrating trusted apps and service platforms. They were responsible for a WhatsApp hack earlier this year.

Conclusion

The actual Financial Times article can only be read if you have a subscription, so the next best thing is this article from Gizmodo. Only time will tell if there’s any truth to what NSO Group is claiming Pegasus can do. We’ll keep our ear to the ground and update you as new information becomes available.

Like our blog? Subscribe to it using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts? Use the comment section below!

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...