The Israeli surveillance / spyware development group NSO developed Pegasus software that can harvest data from user’s built in storage. Apple is now facing another security threat through which NSO can collect iCloud data as well.
NSO group develops spyware programs for governments, these programs are then used to assist with criminal activities but recent reports suggest that these programs might be in hands of those who want to use it for dictatorship purpose.
This new vulnerability effects iPhones, iCloud, Android phones as well as apps that transmit data over encrypted and secure connections.
Pegasus can capture and clone authentication tokens for services like Apple iCloud and then launch a man in the middle attack to pretend to be the user and then can download whatever data they want from the origin servers. For example, it can use user’s Facebook credentials or can download messages stored in the cloud.
This hack can affect phones, iPads and even laptops. Tech companies are working to find the techniques Pegasus use. We might see strong counter measures in future.