Second Israeli firm exploited Apple loophole to hack iPhones – report

A second Israeli spy firm exploited a loophole in Apple’s security to hack iPhones, multiple sources told Reuters on Thursday.

Five people with knowledge of the matter said Quadream acquired the capability last year, around the same time as NSO Group, allowing the two companies to break into iPhones without the user needing to click a link.

Bill Marczak, security researcher at Citizen Lab, said Reuters that the company’s so-called “zero-click” capabilities appeared to be “on par” with NSO’s.

Three of the sources said the NSO and Quadream exploits were similar because they exploited many of the same vulnerabilities hidden deep within Apple’s instant messaging platform and used a comparable approach to planting malware on devices. targeted, in order to gain unauthorized access to data.

The exploits were so similar that when Apple patched the underlying flaws in September 2021, it rendered NSO’s and Quadream’s software ineffective, two people familiar with the matter told the news agency.

Quadream did not respond to repeated requests for comment from Reuters.

An Apple spokesperson declined to comment on Quadream or say whether it plans to take action on the company.

An NSO spokeswoman said the company “has not cooperated” with Quadream, but “the cyber intelligence industry continues to grow rapidly globally.”

In November, Apple sued the NSO Group for targeting users of its devices, claiming that NSO violated Apple’s terms of service and service agreement. NSO has denied any wrongdoing.

NSO says it sells its software, Pegasus, only to governments for the purpose of fighting crime and terrorism, and all sales require Department of Defense approval. Although it says it has safeguards in place to prevent abuse, NSO says it has no control over how a customer uses the product and no access to the data it collects. He says he terminated several contracts due to improper use of Pegasus.

The company has been embroiled in numerous scandals in recent years and has faced a torrent of international criticism over allegations that it helps governments, including dictatorships and authoritarian regimes, spy on dissidents and rights activists. .

But unlike NSO, Quadream has kept a lower profile despite serving some of the same government clients. A source close to the company told Reuters it does not have a website touting its business and its employees have been told not to refer to their employer on social media.

A branch of the NSO Group near the southern town of Sapir, August 24, 2021. (AP Photo/Sebastian Scheiner, File)

Quadream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and two former NSO employees, Guy Geva and Nimrod Reznik, according to Israeli company records and two people familiar with the company, the report said. .

Its flagship product – similar to NSO’s Pegasus – is called REIGN.

REIGN could take control of a smartphone, get instant messages from services like WhatsApp, Telegram and Signal, as well as emails, photos, texts and contacts, two product brochures from 2019 and 2020 showed .

REIGN’s “Premium Collection” capabilities included “real-time call recordings, camera activation – front and rear” and “microphone activation,” according to a brochure, according to the report.

The 2019 brochure stated that the cost to be able to launch 50 smartphone burglaries per year was $2.2 million, excluding maintenance costs. But two sources familiar with the software’s sales said REIGN’s price was generally higher, according to the report.

Quadream and NSO Group have employed some of the same engineering talent over the years, three people familiar with the matter said. However, according to the NSO spokesperson, two of those sources said the companies did not collaborate on their iPhone hacks, with each offering their own ways to take advantage of the vulnerabilities.

One of Quadream’s first clients was the Singaporean government, two of the sources said. Documentation reviewed by Reuters showed that the company had also presented its software to the Indonesian government. It was unclear whether Indonesia had become a customer, according to the report.

Several of Quadream’s buyers – including Saudi Arabia – also overlapped the NSOs, said four of the cited sources.

Last year it was reported that Quadream had started working with Saudi Arabia after the murder of dissident journalist Jamal Khashoggi. Riyadh reportedly lost its license for NSO’s Pegasus, after it was allegedly used in the build-up to Khashoggi’s 2018 murder.

The climate crisis and responsible journalism

As an environmental reporter for The Times of Israel, I try to convey the facts and science behind climate change and environmental degradation, explain – and critique – official policies affecting our future, and describe the Israeli technologies that can be part of the solution.

I am passionate about the natural world and discouraged by the dismal lack of awareness of environmental issues shown by most of the public and politicians in Israel.

I am proud to do my part to keep The Times of Israel readers properly informed on this vital subject – which can and does lead to policy change.

Your support, through your membership in The Times of Israel community, allows us to continue our important work. Would you like to join our community today?

Thank you,

Sue SurkesEnvironment journalist

Join the Times of Israel community

Join our community

Already a member? Log in to stop seeing this

Are you serious. We appreciate that!

That’s why we come to work every day – to provide discerning readers like you with unmissable coverage of Israel and the Jewish world.

So now we have a request. Unlike other media, we don’t have a paywall in place. But since the journalism we do is expensive, we invite readers to whom The Times of Israel has become important to help support our work by joining The Times of Israel community.

For just $6 a month, you can help support our quality journalism while benefiting from The Times of Israel WITHOUT ADVERTISINGas well as access to exclusive content available only to members of the Times of Israel community.

Join our community

Join our community

Already a member? Log in to stop seeing this

Comments are closed.