Facebook, Google and Amazon among companies susceptible to malware from Israeli firm: report
An Israeli firm is reportedly telling prospective clients that it can scrape user data from cloud servers provided by Apple, Google, Facebook, Amazon and Microsoft.
The sales pitch from NSO Group comes after it was unveiled earlier this year that the firmās signature malware, known as Pegasus, was used to penetrate Facebookās WhatsApp service.
MORE FROM FOXBUSINESS.COM ...
Spy agencies and foreign governments have used the product for years to gather information from smartphones.
But now, NSOĀ is marketingĀ Pegasus as a tool to scrape data from the billions of individuals who use cloud services from the top U.S. tech firms, including location data, photos and messages, according to the Financial Times, which cited individuals familiar with the issue and company documents.
NSO denied the charges, telling the publication it does ānot provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure.
| Ticker | Security | Last | Change | %Chg |
|---|---|---|---|---|
| APPL | n.a. | n.a. | n.a. | n.a. |
| GOOGL | ALPHABET INC. | 1,131.55 | -15.69 | -1.37% |
| AMZN | AMAZON.COM INC. | 1,964.52 | -13.38 | -0.68% |
| FB | FACEBOOK INC. | 198.36 | -2.42 | -1.21% |
| MSFT | MICROSOFT CORP. | 136.62 | +0.20 | +0.15% |
NSO markets the software as a weapon, but says it only sells Pegasus to responsible governments as a way to protect against potential illicit activity and terrorist attacks. Uganda's government, for example, is one of the prospective clients pitched on the ability of Pegasus to "retrieve the keys that open cloud vaults," the FT reported.
But PegasusĀ is said to be used to track human rights activists around the globe, raising significant questions for the Silicon Valley giants who together oversee a treasure trove of user data.
To scrape the information, NSO reportedly copies authentication keys from already infected phones and impersonates that device on separate servers, avoiding the increasingly common two-step authentication process, according to the FT.
Security teams at the affected firms are said to be probing the technique.
CLICK HERE TO GET THE FOX BUSINESS APP
Amazon says no customer accounts have been accessed by the software. Facebook is investigating the issue, while Microsoft urged customers to keep a āhealthy device.ā
Apple said it did not believe the software was āuseful for widespread attacks against consumersā and Google declined to comment.
Gloss