iPhone flaw exploited by second Israeli spy firm-sources

Sources say low profile tech firm QuaDream developed tools on par with NSO's controversial Pegasus spyware that allows it to remotely break into iPhones
Reuters|
PrintFind an error? Report us
Related Topics
Getting your Trinity Audio player ready...
A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
  • Follow Ynetnews on Facebook and Twitter

    • QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients.
    3 View gallery
    האקר    האקר
    Both NSO and QuaDream gained the same ability to remotely break into iPhones
    (Photo: Shutterstock)
    The two rival businesses gained the same ability last year to remotely break into iPhones, according to the five sources, meaning that both firms could compromise Apple phones without an owner needing to open a malicious link.
    That two firms employed the same sophisticated hacking technique - known as a "zero-click" - shows that phones are more vulnerable to powerful digital spying tools than the industry will admit, one expert said.
    "People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not," said Dave Aitel, a partner at Cordyceps Systems, a cybersecurity firm.
    3 View gallery
    NSO and Apple logos     NSO and Apple logos
    NSO and Apple logos
    (Photo: AP, Shutterstock)
    Experts analyzing intrusions engineered by NSO Group and QuaDream since last year believe the two companies used very similar software exploits, known as ForcedEntry to hijack iPhones.
    An exploit is computer code designed to leverage a set of specific software vulnerabilities, giving a hacker unauthorized access to data.
    The analysts believed NSO and QuaDream's exploits were similar because they leveraged many of the same vulnerabilities hidden deep inside Apple's instant messaging platform and used a comparable approach to plant malicious software on targeted devices, according to three of the sources.
    Bill Marczak, a security researcher with digital watchdog Citizen Lab who has been studying both companies' hacking tools, told Reuters that QuaDream's zero-click capability seemed "on par" with NSO's.
    3 View gallery
    This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on July 21, 2021     This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on July 21, 2021
    (Photo: AFP )
    An Apple spokesman declined to comment on QuaDream or say what if any action they planned to take with regard to the company.
    In a written statement, an NSO spokeswoman said the company "did not cooperate" with QuaDream but that "the cyber intelligence industry continues to grow rapidly globally."
    Apple sued NSO Group over ForcedEntry in November, claiming that NSO had violated Apple's user terms and services agreement. The case is still in its early stages.
    Comments
    The commenter agrees to the privacy policy of Ynet News and agrees not to submit comments that violate the terms of use, including incitement, libel and expressions that exceed the accepted norms of freedom of speech.
    ""