An Israeli security group claims to be able to access all your encrypted data in the cloud. Here's why it's a bigger affair than you think

In the game of the cat and mouse that we all apparently participate in to keep our information secure online, the Israeli security company NSO would let governments know that its Pegasus software is capable of decrypting encrypted cloud storage, including iCloud, OneDrive, and Google Drive.

In a statement to AppleInsider, the company said, "We do not provide or commercialize any type of hacking or mbad collection capabilities for cloud-based applications, services, or infrastructures."

However, he did not deny having such technology and the Financial Times report said the company's Pegasus software had been found on peripherals in the wild. I contacted the company but I did not receive an immediate response.

First of all, a little good news. For the technology to work, the company should have root access to your device. This means that to install software that gives it control over your iPhone or Android device, it must access the central subsystems of the device, instead of just downloading a normal application.

As INS argues that it only provides software to government agencies, so it is very unlikely that your device will be in danger, unless it falls into the hands of the forces of the world. Order or an intelligence service.

If this is the case, it is likely that your iCloud account is not your biggest immediate concern.

But, there is bad news and it's actually a big problem. The NSO claims to sell its technology only to governments, which is, I guess, a consolation because at least it is unlikely to end up in the hands of hackers. But is it really less disconcerting?

In reality, this means that your government is constantly looking for ways to undermine your privacy if it deems it necessary. The only reason that such a product would exist, is because governments are not fans of encryption because it means that they can not access the content of your mobile device or your cloud storage .

Well, could you say, the government surely only wants to receive the information from the bad guys, is not it? Except that it does not matter. An encryption that can be freely broken when it is used by bad guys is not actually encryption. It's an illusion.

And the illusion does not really protect us from anything.

Ironically, most of us walk every day with the illusion of intimacy or protection. The fact that most of us have not had a violation of our information is simply a risk factor. This is essentially because no one has actually tried it.

It would be like painting the outside of a deadbolt lock on your door and then making sure you are safe. You are not, but you feel like you because no one has ever broken into your home.

But they could, if they even tried a little.

This is basically the situation with respect to your personal information when end-to-end encryption has a backdoor or may be broken by a government using a master key or brute force software.

These are hardware or software tools that either enter a global "unlock" pbadword that works on each device, or tools that enter pbadword options in the right order until the pbadword is reached. One of them works.

Device manufacturers such as Apple, Samsung and Google are constantly working to counter the encryption advances used to secure your smartphone or cloud storage account, but it's increasingly clear that the government equally strives to maintain its ability to maintain its capabilities. nose in your business.

Google responded with a statement from a spokesperson:

"We have found no evidence of access to Google accounts or systems, and we are continuing our investigation.We automatically protect users against security threats and we encourage them to use tools such as our Verification of security, two-step verification and our advanced verification software.Protection program, if they think they may be attacked with a particularly high risk. "

I also contacted Apple, Microsoft and Dropbox to find out whether or not they thought their systems might be compromised, but I did not receive a response before publication.

Look, your data is in high demand. Companies such as Google and Facebook are making huge profits by targeting you with ads deemed relevant based on the information they collect. Bad actors really want to have access to sensitive information such as their bank and credit card identifiers, or even their medical records.

It would be bad enough, but honestly, at least in these cases, protections can counter their attempts. At least public opinion and the free market can intervene when companies go too far, and the law offers some degree of redress when the bad guys attack.

What is even more scary is that the government is just as interested in ensuring that it can get your information where it wants it.

Update: Google responded with a statement.