The Israeli firm behind software used to hack WhatsApp boasted that it can scrape data from Amazon, Apple, Facebook, Google, and Microsoft cloud servers

Karly Domb Sadof/AP

NSO was behind an infamous WhatsApp hack.

• NSO Group, the Israeli security firm whose Pegasus malware was used in a WhatsApp hack in May, has boasted it can break into the cloud services of big tech companies, according to the Financial Times.
• The FT reviewed sales documents from NSO which said its new system could obtain a target's entire location data history, archived messages, and photos.
• The cloud services of Apple, Google, Facebook, Amazon and Microsoft were all referenced as being vulnerable in the FT report. Some are investigating the issue.
• "We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT.
• Visit Business Insider's homepage for more stories.

The company behind a WhatsApp hack has been boasting that it can break into the cloud services of big tech companies, including Amazon, Apple, Facebook, Google, and Microsoft, the Financial Times reports.

The Israeli security firm NSO group is infamous for its malware, Pegasus, which the FT said in May had been used to hack the phones of human rights activists using just a single WhatsApp call. The malware could make its way onto the target's phone, even if they didn't pick up.

Complimentary Tech Event

Transform talent with learning that works

Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Now NSO has been telling potential clients Pegasus has been developed to target cloud servers, according to people familiar with the sales pitch and documents shared with the FT. NSO reportedly said in its pitch that, by hacking into these servers, it could access someone's entire location data history, archived messages, and photos.

According to the sales documents viewed by the FT, the method involves copying authentication keys for services like Google Drive, Facebook Messenger and iCloud, from a targeted phone. Once this is done, a separate server can then impersonate the device without alerting the real owner.

The document said that even if the malware is removed from the device, attackers could still have unlimited access to data uploaded to the cloud, the FT reported.

Read more: Meet the shadowy security firm from Israel whose technology is believed to be at the heart of the massive WhatsApp hack

"We do not provide or market any type of hacking or mass-collection capabilities to any cloud applications, services or infrastructure," an NSO spokesperson told the FT. However, the FT said it did not explicitly deny having developed the capabilities described in the reviewed documents.

NSO did not immediately respond to Business Insider's request for comment.

Some of the big tech companies mentioned in the report are now conducting investigations.

"We have no evidence that Amazon corporate systems, including customer accounts, have been accessed by the software product in question. We take customer privacy and security extremely seriously, and will continue to investigate and monitor the issue," an Amazon spokesman told Business Insider.

Facebook added: "Protecting the security of people's accounts is a top priority. We are reviewing these claims."

Microsoft told the FT its security technology was "continually evolving." Apple told the newspaper that its operating system is "the safest and most secure computing platform in the world."

"While some expensive tools may exist to perform targeted attacks on a very small number of devices, we do not believe these are useful for widespread attacks against consumers," Apple added.

Google declined to comment when contacted by the FT.

Apple, Google, and Microsoft were not immediately available for comment when contacted by Business Insider.