
Israeli surveillance tool silently collects all cloud and communications data - acollins1331
https://9to5mac.com/2019/07/19/israeli-icloud-hack-man-in-the-middle/
======
acollins1331
>The vulnerability purportedly affects the iPhone and Apple’s iCloud as well
as Google Android phones, and even third-party apps installed on the phone
that communicate over “encrypted and secure” connections.

The spyware is sold by NSO Group is supposedly only sold to governments to
assist with crime investigations, but there are fears that the Pegasus spyware
is also used by countries to help enforce authoritarian and dictatorship
leadership.

The new version of the Pegasus software is supposedly able to capture and
clone the authentication tokens used for services like iCloud. Then, it can
essentially construct a man-in-the-middle attack to pretend to be the target
user’s device, and download whatever data it pleases from the origin server by
making requests that seem to be coming from the origin phone.

