A second Israeli spy firm exploited a flaw in Apple’s security to hack into iPhones, numerous sources told Reuters on Thursday.
Five individuals with knowledge of the matter said Quadream gained the ability last year, around the same time as the NSO Group, letting the two companies break into iPhones without the user needing to click any link.
Bill Marczak, a security researcher with Citizen Lab, told Reuters that the company’s so-called “zero-click” abilities appeared to be “on par” with NSO’s.
Three of the sources said NSO and Quadream’s exploits were similar because they leveraged many of the same vulnerabilities hidden deep inside Apple’s instant messaging platform and used a comparable approach to plant malicious software on targeted devices, in order to gain unauthorized access to data.
The exploits were so similar that when Apple fixed the underlying flaws in September 2021 it rendered both NSO and Quadream’s software ineffective, two people familiar with the matter told the news agency.
Quadream did not respond to Reuters’ repeated request for comment.
— Reuters Asia (@ReutersAsia) February 3, 2022
A spokesperson for Apple declined to comment on Quadream or say if it planned to take any action with regard to the company.
An NSO spokeswoman said the company “did not cooperate” with Quadream, but that “the cyber intelligence industry continues to grow rapidly globally.”
In November, Apple sued NSO Group for targeting the users of its devices, claiming that NSO had violated Apple’s user terms and services agreement. NSO has denied any wrongdoing.
NSO says it sells its software, Pegasus, only to governments for the purpose of fighting crime and terrorism, and all sales require approval from the Defense Ministry. While it says it has safeguards in place to prevent abuse, NSO says it has no control over how a client uses the product and no access to the data they collect. It says it has terminated several contracts due to the inappropriate use of Pegasus.
The company has been involved in numerous scandals in recent years and has faced a torrent of international criticism over allegations it helps governments, including dictatorships and authoritarian regimes, spy on dissidents and rights activists.
But unlike NSO, Quadream has kept a lower profile despite serving some of the same government clients. A source familiar with the company told Reuters it has no website touting its business, and its employees have been told to keep any reference to their employer off social media.
Quadream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik, according to Israeli corporate records and two people familiar with the business, the report said.
Its flagship product — similar to NSO’s Pegasus — is named REIGN.
REIGN could take control of a smartphone, obtain instant messages from services such as WhatsApp, Telegram, and Signal, as well as emails, photos, texts, and contacts, two product brochures from 2019 and 2020 showed.
REIGN’s “Premium Collection” capabilities included “real time call recordings, camera activation — front and back,” and “microphone activation,” one brochure said, according to the report.
The 2019 brochure said the cost for being able to launch 50 smartphone break-ins per year was $2.2 million, exclusive of maintenance costs. But two sources familiar with the software’s sales said the price for REIGN was typically higher, the report said.
Quadream and NSO Group have employed some of the same engineering talent over the years, three people familiar with the matter said. However, in line with NSO’s spokesperson, two of those sources said the companies did not collaborate on their iPhone hacks, with each coming up with their own ways to take advantage of vulnerabilities.
One of Quadream’s first clients was the Singaporean government, two of the sources claimed. Documentation reviewed by Reuters showed the company also pitched its software to the Indonesian government. It was not clear if Indonesia became a client, the report said.
Several of Quadream’s buyers — including Saudi Arabia — have also overlapped with NSO’s, four of the sources were quoted as saying.
Last year, it was reported that Quadream began working with Saudi Arabia following the killing of dissident journalist Jamal Khashoggi. Riyadh reportedly lost its license for NSO’s Pegasus, after it was allegedly used in the lead-up to Khashoggi’s murder in 2018.