Reuters reported on Thursday that a second Israeli spy firm used a vulnerability in Apple's security to hack into iPhones.
Five people with knowledge of the situation told Reuters QuaDream obtained the ability last year, around the same time the NSO Group did, allowing the two companies to break into iPhones without the user having to open any links.
Experts who have been studying NSO Group and QuaDream intrusions since last year believe the two organizations employed extremely similar software exploits known as ForcedEntry to takeover iPhones.
An exploit is a piece of computer code that is designed to take advantage of a specific collection of software flaws, granting a hacker unauthorized access to data.
According to three of Reuters' sources, analysts believed NSO and QuaDream's exploits were similar because they targeted many of the same vulnerabilities hidden deep within Apple's instant messaging network and employed a similar approach to plant malicious software on targeted devices.
Although little is known about QuaDream's clientele, the company has purportedly worked on behalf of the governments of Saudi Arabia, Mexico, and Singapore, according to Reuters. The outlet said it may have also worked for the Indonesian government.
Two product brochures from 2019 and 2020 revealed REIGN could take control of a smartphone and collect instant messages from services like WhatsApp, Telegram, and Signal, as well as emails, photos, SMS, and contacts.
The NSO "did not cooperate" with QuaDream, a company represesntative said, but "the cyber intelligence industry continues to grow rapidly globally."
Apple sued NSO Group in November, alleging that NSO had breached Apple's user terms and services agreement by targeting Apple's device users. NSO has denied any wrongdoing.
NSO says it only sells Pegasus software to governments for the goal of combating crime and terrorism, and all sales are subject to the Defense Ministry approval. While NSO claims to have measures in place to avoid abuse, it has no control over how a client uses the product and no access to the data they collect. It says to have terminated numerous contracts as a result of the misapplication of Pegasus.
In recent years, the company has been embroiled in a number of controversies and has received a barrage of worldwide condemnation over allegations that it assists governments, especially dictatorships and authoritarian regimes, in spying on dissidents and rights advocates.
Despite serving some of the same government clients as NSO, Quadream has kept a low profile. A source familiar with the company told Reuters it does not have a website promoting its services, and employees have been warned not to mention their employer on social media.
