Pegasus creator NSO Group's rival surveillance firm has also been helping governments hack into iPhone
India Today
NSO Group, which is famous for developing iPhone hacking tools such as Pegasus and FORCEDENTRY, has a newfound rival that reportedly has been working with various governments.
Phone surveillance is a hot topic again, thanks to a report that highlighted the spread of Pegasus, a snooping tool developed by Israel’s NSO Group, around the world. But a lesser known spyware firm, also from Israel, may be doing the same thing under the nose of watchdogs: hacking iPhones. Called QuaDream, the less popular surveillance tool making firm possesses similar technologies for hacking into the iPhone as the NSO Group, but it has managed to stay away from the spotlight.
Reuters has brought the Tel Aviv-based QuaDream to the light, highlighting in its report that it is a “smaller and low profile” Israeli firm that engages with governments from around the world to provide them with smartphone hacking tools. The firm was founded by two ex-NSO employees, which explains why its technology is closely identical to NSO Group’s and, at the same time, effective enough for sale to nations interested in snooping into phones.
Like NSO, QuaDream has managed to exploit the flaws in iPhone software to help its clients gain access to the devices surreptitiously. QuaDream reportedly sells a “zero-click” exploit, which is a sophisticated cyber-attack that can hack into iPhones and other smartphones without needing phishing. The firm calls the exploit REIGN and it is mostly identical to NSO Group’s FORCEDENTRY, which is infamous as the world’s most lethal and technologically advanced cyber exploit, according to people, including Google researchers, who analysed it.
An exploit is a set of computer code designed specifically to take advantage of any security loophole or vulnerability in software of the device it is purposed to hack and gain unauthorised access to data. Both REIGN and FORCEDENTRY used similar exploits to leverage the same vulnerabilities inside Apple’s iMessage platform and install malicious software on targeted iPhones, Reuters said.
REIGN can easily, Reuters said, “take control of a smartphone, scooping up instant messages from services such as WhatsApp, Telegram, and Signal, as well as emails, photos, texts and contacts.” Citing brochures from 2019 and 2020 for the hacking tool, the publisher said REIGN has “premium collection” capabilities such as “real time call recordings”, “camera activation - front and back” and “microphone activation.”
After Apple patched the vulnerability in iMessage in September last year, QuaDream’s REIGN and NSO’s FORCEDENTRY turned ineffective, underlining how similar the two hacking tools were. Apple declined to say anything about the newfound cyber surveillance firm or what its plan would be to counteract the hacking attempts, if any. However, it sued NSO Group in November last year, claiming in the lawsuit that the firm violated its terms and services agreement. The case is underway.
While NSO Group’s clients have come to the limelight, not much is known about the client base of QuaDream. However, the company has worked on behalf of the governments of Saudi Arabia, Mexico, Indonesia, and Singapore, according to Reuters.
