Pegasus' nemesis: Meet QuaDream, another Israeli spyware company
A report by Reuters delves into the hacking techniques used by QuaDream, a low-profile company that was established by ex-NSO Group employees and an Israeli military official.
-
The entrance to an office belonging to Quadream, at a high-rise building in the occupied territories, January 25, 2022 (Reuters)
Apple's software has a flaw that was exploited by the Israeli surveillance company, NSO Group - famous for the Pegasus spyware scandal - which allowed the company to break into iPhones in 2021. At the same time, it was abused by a competing company, according to 5 people who knew about the matter.
The competing company - QuaDream - is a smaller company, also Israeli, which develops hacking tools used to hack into smartphones and sold to governments.
The two businesses, which have a rivalry, attained the ability to break into iPhones last year, according to the sources. This entails that they can break into an Apple iPhone without the owner having to open a link.
The same sophisticated technique was employed: the "zero-click" - a depiction of just how much phones are easily infiltrated than industries want to admit, according to one expert.
"People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not," said Dave Aitel, a computer security professional and a partner at Cordyceps systems.
It was analyzed that the two companies used similar 'software exploits' to hijack iPhones, known as ForcedEntry. An exploit by definition is a code made to leverage software vulnerabilities, which gives the companies unauthorized access to the phone data.
A Reuters journalist last week visited a QuaDream office in the occupied territories in "Tel Aviv", but no one answered the door, in addition to no response from an Israeli lawyer - listed by QuaDream - who was emailed.
ForcedEntry has been found to be one of the most technically sophisticated exploits ever captured by security researchers; Apple in November sued the NSO Group over ForcedEntry, which has violated Apple's user terms and services agreement.
Despite the similarity in NSO and QuaDream's maneuverings, in a written statement, NSO contended that it "did not cooperate" with QuaDream, however, the "cyber intelligence industry continues to grow rapidly globally."
Human rights organizations have been eyeing the recent findings that spyware is being used to attack civil society, human rights organizations, journalists, and political figures, as well as to infiltrate elections.
Read more: HRW Beirut Blast investigator targeted with Israeli Pegasus spyware
Last November, the NSO was blacklisted by the US Department of Commerce, though the FBI purchased the program in 2019 and used it domestically.
As part of its policy, QuaDream maintains a low profile in comparison with NSO Group. The company was founded in 2016 by a former Israeli military official, Ilan Dabelstein, in addition to 2 ex-NSO employees, Guy Geva and Nimrod Reznik.
Drawing parallels with NSO's Pegasus, QuaDream has REIGN, which could overpower a smartphone, and can obtain messages from Whatsapp, Telegram, Signal, and more. Photos, contacts, and texts are not excluded. This information is according to product brochures.
REIGN can record phone calls in real-time, can activate the camera - front and back - as well as the microphone, according to one brochure.
As for the prices, one QuaDream system, which can hack into 50 phones a year, was valued at $2.2 million a year. However, REIGN was known to be higher, according to individuals familiar with QuaDream.
One of QuaDream's first customers was Singapore's government.
