Israeli spyware used in WhatsApp hack 'can secretly snoop on your Apple, Facebook and Google data'

At risk: The spyware is said to be capable of accessing cloud data of a number of apps. Photo: PA

Adrian Weckler

The hacking spyware that caused WhatsApp to tell 1.5 billion users they needed to update their app with a security patch may have even greater infiltration abilities, according to a new report.

Potential customers of the Israeli company NSO's hacking software have allegedly been told that the technology can now "surreptitiously scrape all of an individual's data from the servers of Apple, Google, Facebook, Amazon and Microsoft".

The Israeli firm's capability, first revealed by the 'Financial Times', has caused the Silicon Valley giants to review the security of their own services.

NSO sells its spyware as a high-level security weapon to spy agencies and governments for millions of euro.

Its technology is now reportedly capable of accessing cloud data of apps such as iCloud, Facebook Messenger and Google Drive, bypassing normal security controls. This would allow an attacker to get significant access to large flows of data in phones, laptops and other devices that are infected.

In May, WhatsApp engineers discovered that the messaging service used around the world could allow the NSO spyware into a user's phone simply by another person making a WhatsApp voice call to the user's device.

The WhatsApp call did not have to be answered for the spyware 'payload' to work.

WhatsApp described the infiltration as "sophisticated" and bearing all the hallmarks of a "private company working with governments on surveillance".

WhatsApp, which is part of Facebook, then informed the Irish Data Protection Commissioner (DPC) as the entity's lead regulator in the EU.

"The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorised software and gain access to personal data on devices which have WhatsApp installed," a spokesman for Helen Dixon's office said at the time.

But NSO's parent company, Q-Cyber, is continuing to pitch the software to national governments, according to the 'Financial Times' report.

A sales document seen by the newspaper described its technology as being able to "retrieve the keys that open cloud vaults" and "independently sync-and-extract data".

NSO claims its technology is licensed to government agencies "for the sole purpose of fighting crime and terror", that it does not operate the system itself, and that it has a rigorous licensing and vetting process. "We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," the company said.

"We investigate any credible allegations of misuse and, if necessary, we take action, including shutting down the system."

Private equity firm Novalpina, which purchased a majority stake in the Israeli company in February 2019, recently defended the firm's technology. It claimed that the NSO software has been used to hack phones to prevent terrorist attacks, infiltrate drug cartels and help rescue kidnapped children.