After NSO Group, A Second Israeli Spy Company Was Also Found Hacking Apple's iPhones

04/02/2022

Not all products are created equal. But what is certain is that all products can have weaknesses.

The same goes for Apple's iOS and iPadOS. The two mature operating systems are considered polished and very capable. Still, flaws have made them susceptible to certain forms of hacking and spying, like those carried out by the Israeli firm NSO Group.

A flaw in Apple's software was exploited by the Israeli firm for quite some time, in a cat-and-mouse game of patching and exploiting between Apple and NSO Group.

This time, it has emerged that NSO Group isn't the only spy company in Israel targeting users of Apple products.

According to five people familiar with the matter, another company was simultaneously abusing Apple's software as well.

Based near Tel Aviv, QuaDream, the sources said, is a smaller company compared with NSO Group.

The entrance to an office listed as belonging to QuaDream, in a high-rise building in Ramat Gan, Israel, January 25, 2022. (Credit: REUTERS/Nir Elias)

The company is said to also develop smartphone hacking tools intended for government clients, which makes it a direct business rival to QuaDream.

But because it keeps a much lower profile, operating without a website or social media account and providing no data about its employers or employees, it stayed under the radar, whereas NSO Group gained most of the notoriety from the spotlight given by the media.

Regardless, QuaDream does serve some of the same government clients.

According to the sources, both QuaDream and NSO Group gained the same ability back in 2021 to remotely break into iPhones through a "zero-click" attack, meaning that both firms could compromise targeted Apple phones without the owners needing to do anything.

The two companies were found to use exploits designed to target specific software vulnerabilities.

And in this case, it is believed that both companies exploited the same weakness found deep within Apple's instant messaging platform and used a comparable approach to plant malicious software on targeted devices, according to three of the sources.

The weakness in question is said to be the one exploited by NSO Group's exploit called 'ForcedEntry', which was only fixed in September 2021.

Only once Apple patched its operating systems were both NSO's and QuaDream's surveillance software rendered ineffective.

According to reports, ForcedEntry is regarded as "one of the most technically sophisticated exploits" ever.

After it was patched, Apple notified thousands of ForcedEntry targets in November, making elected officials, journalists, and human rights workers around the world realize they had been placed under surveillance.

In Uganda, for example, ForcedEntry was used to spy on U.S. diplomats, the news reported.

Apple sued NSO Group over ForcedEntry in November, claiming that NSO had violated Apple's user terms and services agreement. In its lawsuit, Apple said that it "continuously and successfully fends off a variety of hacking attempts."

Apple said that NSO Group should be held accountable for the surveillance and targeting of Apple users.

And just like multiple times in the past, NSO denied any wrongdoing.

In a written statement, an NSO spokesperson said that the company "did not cooperate" with QuaDream but that "the cyber intelligence industry continues to grow rapidly globally."

Spyware companies have long argued they sell high-powered technology to help governments thwart national security threats. But human rights groups and journalists have repeatedly documented the use of spyware to attack civil society, undermine political opposition, and interfere with elections.

Apple isn't the only tech company trying to sue NSO Group. Meta's WhatsApp has also been trying to fight NSO, and even the U.S. Commerce Department has placed NSO Group on its trade blacklist.

A woman wearing a face mask walks past an image of an iPhone 13 Pro at an Apple Store in Beijing, China, September 24, 2021. Apple products have long been part of global consumerism. (Credit: REUTERS/Carlos Garcia Rawlins)

It was later revealed that QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and two former NSO employees, Guy Geva and Nimrod Reznik.

That is according to Israeli corporate records and two people familiar with the business.

QuaDream's main product is called 'REIGN'.

What it does is similar to NSO Group's ForcedEntry, in that it can be used to take control of a smartphone, spying on instant messages from services such as WhatsApp, Telegram, and Signal, as well as emails, photos, texts and contacts.

These capabilities were described in two product brochures from 2019 and 2020 that were reviewed by Reuters.

REIGN's "Premium Collection" capabilities included "real time call recordings", "camera activation - front and back" and "microphone activation", one brochure said.

The price clients have to pay for these abilities is at least $2 million, Reuters reported.

It was also revealed that QuaDream and NSO Group employed some of the same engineering talent, and that some of their clients overlap, including Saudi Arabia and Mexico.

One of QuaDream's first clients was the Singaporean government, the sources said, and the company is also said to have pitched its product to the Indonesian government.