Israeli firm NSO Group has a tool called Pegasus which is capable of extracting data not only from a phone’s onboard storage but also from the cloud services the phone communicates with, including iCloud.
Pegasus works not just on iPhones and iCloud but also on Android devices and almost all third-party apps that communicate with a remote server even over an encrypted connection.
NSO Group is the same company that was responsible for finding a WhatsApp exploit that allowed it to install surveillance spyware on iPhones and Android devices. The company’s CEO was even on an episode of 60 Minutes earlier this year, where he answered questions related to Pegasus being used for the murder of Khashoggi, fighting terror, and more.
The Israeli firm only sells the software to government agencies to help them with criminal investigations, but it is unclear whether governments use the tool only for that specific purpose or for other purposes as well. It has been alleged that NSO Group sold Pegasus to Saudi Arabia.
The Financial Times report claims that the software creates a copy of the authentication token being used by cloud services like iCloud. It then carries out a man-in-the-middle attack, which allows it to request and extract data from the server as it wishes. This includes one’s location history, messages, photos, important documents, and more.
The hack works irrespective of whether one has two-factor authentication enabled or not.
In its statement, Apple did not deny the existence of such a tool, but it believes that such tools are not useful enough for widespread attacks.
As mentioned, Pegasus works not just on iPhones but on Android phones along with laptops, tablets, and other devices as well. Given that the tool is not being used for any kind of widespread attacks, it is unlikely that Apple, Google, and other tech giants will put too much effort into blocking it.