iPhone’s ForcedEntry flaw was exploited by another spy firm
NSO Group Technologies, based in Israel, made headlines last year after it was revealed the company created an iPhone iMessage exploit dubbed “Pegasus” that was used to spy on journalists and other high-profile individuals on behalf of various governments. NSO was then sued by Apple, but it turns out that the same exact flaw was exploited by a second, apparently-independent, spying firmware by the name of QuaDream also based in Israel. QuaDream called its exploit “REIGN”.
As reported by Reuters, QuaDream is a lower-profile Israeli firm that also develops smartphone hacking tools intended for government clients, just like NSO Group. According to five different sources, both firms gained the ability to break into iPhones remotely last year. The vulnerabilities developed by each firm are so similar that Apple’s software patch designed to fix NSO Group’s attack also closed the hole that QuaDream was using for the same purpose. Furthermore, experts who analyzed the intrusions engineered by both firms believe that they leverage a lot of the same vulnerabilities inside of Apple’s software.
QuaDream apparently is keeping a much lower profile than NSO, despite allegedly serving some of the same government clients. The company has no website touting its business and employees have been told to keep any reference to their employer off social media, according to a Reuters source familiar with the company. Corporate documents revealed Ilan Dabelstein, a former Israeli military official, as the founder of the company, alongside Guy Geva and Nimrod Reznik, two ex-employees of NSO. It was also said that both firms employed some of the same engineering talent, and a pair of sources known to Reuters said that the companies did not collaborate on iPhone hacks.
According to product brochures observed by Reuters that were distributed in 2019 and 2020, could take control of a smartphone and read messages from WhatsApp, Telegram, and Signal, as well as emails, photos, texts, and contacts. It’s “premium collection” capabilities included “real-time call recordings”, “camera activation – front and back” and “microphone activation”.
As for pricing, one QuaDream system, which would have given customers the ability to launch 50 smartphone break-ins per year, was being offered for $2.2 million exclusives of maintenance costs. Two people familiar with the matter said that this was a lower price than REIGN normally cost.
Reuters attempted to contact QuaDream repeatedly, contacting executives and business partners. A journalist from Reuters attempted to visit the QuaDream offices in the Tel Aviv suburb of Ramat Gan but received no response at the door. A lawyer listed on the corporate registration form also did not respond to any requests for comment.
In a written statement given to Reuters, an NSO spokeswoman said the company “did not cooperate” with QuaDream but that “the cyber intelligence industry continues to grow rapidly globally.” An Apple spokesperson did not respond to a request for comment as to whether or not the company intends to also take action against QuaDream.