The Apple software flaw exploited in 2021 by Israeli surveillance company NSO Group to break into iPhones was abused by a competing company at the same time, Reuters reported citing sources.
QuaDream is a smaller Israeli company developing smartphone hacking tools for government clients, the sources said.
The two companies gained the ability to remotely break into iPhones, the five sources said, compromising the devices without the owner opening a malicious link. That the two companies used the same sophisticated ‘zero-click’ hacking technique shows that phones are more vulnerable to digital spying than the industry will admit, an expert told Reuters.
“People want to believe they’re secure, and phone companies want you to believe they’re secure,” said Dave Aitel, a partner at cybersecurity company Cordyceps Systems.
Also Read | Apple iPhone 13 available with up to Rs 11,000 discount: Where, how to avail the offer
“What we’ve learned is, they’re not.”
Experts analysing NSO Group and QuaDream’s intrusions believe the companies used similar software, known as ForcedEntry, to hijack iPhones.
An exploit is a computer code that leverages specific software vulnerabilities, giving hackers access to data.
The analysts believe the two companies’ exploits were similar because they leveraged many of the same vulnerabilities in Apple’s instant messaging platform, three sources said.
Bill Marczak, a security researcher at Citizen Lab, said QuaDream’s zero-click capability seemed to be at a par with that of the NSO Group.
ForcedEntry is among the most technically sophisticated exploits captured by security researchers.
Two of the sources said that the two companies’ ForcedEntry was so similar that afer Apple fixed the flaws in September 2021, it rendered both their spy software ineffective.
In November, Apple sued the NSO Group over ForcedEntry, claiming that it had violated the company’s user terms and services agreement. That same month, Apple notified thousands of ForcedEntry targets, including journalists, elected officials, and human rights workers around the globe.
QuaDream was founded by former Israeli military official Ilan Dabelstein and two former NSO employees Guy Geva and Nimrod Reznik in 2016, according to Israeli corporate records.
Also Read | Meta reports first-ever quarterly user-base decline, $200 billion in market value wiped off as stock tumbles
Like the NSO Group’s Pegasus spyware, QuaDream’s product – REIGN – could take control of a smartphone device, scoop up instant messages from Signal, Telegram, and WhatsApp, as well as photos, emails, contacts, and texts.
One QuaDream system allowing 50 smartphone break-ins a year was being offered for $2.2 million, exclusive of maintenance costs, Reuters reported.
