Australian Smartphones Connected To Apple, Microsoft Google Facebook Servers Exposed
An Israeli company whose spyware hacked WhatsApp has told buyers that they can easily scrape all data of smartphones used by Australians whose information is stored on servers of Apple, Google, Facebook, Amazon and Microsoft which includes all Office 365 mobile data.
The revelations come as Australians claimed that they are concerned about Chinese smartphone Companies such as Huawei and Oppo.
NSO Group uses smartphone malware know as Pegasus which ChannelNews understands is used by Australian security agencies and the Australian Federal Police who are now looking to prosecute journalists for exposing corruption among Government agencies.
According to sources Australian authorities are harvesting data from targeted individuals’ smartphones, what is not known is whether they have a warrant to do this or after obtaining information they find ways to justify the issuing of a warrant.
Now the Israeli Company is looking to capture a bigger trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photos, according to people who shared documents with the UK Financial Times.
The big question now is how Australians can trust the likes of Apple, Facebook, Google and Microsoft who manage billions of users and are expected to keep critical personal information, corporate secrets and medical records safe from potential hackers and Government snoopers.
NSO denied promoting hacking or mass-surveillance tools for cloud services.
In Australia the Federal Police and Home Affairs Minister Peter Dutton want to prosecute journalists for exposing the existence of secret documents that reveal how Government agencies are snooping on the general public.
The company has always maintained that its software, which is designated by Israel as a weapon, is only sold to responsible governments to help prevent terrorist attacks and crimes.
The FT said that Pegasus has been traced by researchers to the phones of human rights activists and journalists around the world, raising allegations that it is being abused by repressive regimes.
The new technique is said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location.
This grants open-ended access to the cloud data of those apps without “prompting 2-step verification or warning email on target device”, according to one sales document.
It works on any device that Pegasus can infect, including many of the latest iPhones and Android smartphones, according to the documents obtained by the FT.
Microsoft said its technology was “continually evolving to provide the best protections to our customers” and urged users to “maintain a healthy device”.
Apple said its operating system was “the safest and most secure computing platform in the world despite NSO able to hack their devices.
“This has got to be a serious wake-up call for a lot of companies,” said John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, who has been following the use of Pegasus.
He said it “accelerates the need for stronger forms of device authentication”.