News

A Second Surveillance Firm Was Caught Hacking iPhones

Like the NSO group, QuaDream used a zero-click vulnerability to install spyware.

In addition to the NSO group, a second surveillance company was found using the iPhone’s zero-click exploit to spy on users.

According to Reuters, the company QuaDream used a similar zero-click exploit to spy on targets without tricking them into downloading or clicking. Sources claim that QuaDream started using this ForcedEntry exploit in iMessage, first discovered in September 2021. Apple quickly patched the exploit within the same month.

Jeffrey Coolidge/Getty Images

Called REIGN, QuaDream’s flagship spyware works similarly to NSO Group’s Pegasus spyware, which installs itself on target devices without warning or user interaction. Once set up, it started collecting contact information, emails, messages and photos from various messaging apps. According to a brochure obtained from ReutersREIGN also provided call recording and camera/microphone activation.

According to sources, the two spyware programs exploited similar vulnerabilities, and QuaDream is suspected of using the same exploits as the NSO Group. Both used a similar approach to install malicious software, and Apple’s patch blocked both.

A zero-click vulnerability in iMessage has been fixed, effectively blocking Pegasus and REIGN, but not a permanent fix. when Reuters Smartphones are not completely safe from every conceivable form of attack, he points out, and probably never will.


More information

A Second Surveillance Firm Was Caught Hacking iPhones

Like NSO Group, QuaDream was installing spyware using zero-click vulnerability

In addition to NSO Group, a second surveillance firm was found to have been using the iPhone’s zero-click exploit to spy on users.

According to Reuters, the QuaDream firm was similarly using the zero-click exploit to spy on its targets without the need to trick them into downloading or clicking on anything. Sources allege that QuaDream began using this ForcedEntry exploit in iMessage that was first discovered in September 2021. Apple was quick to patch the exploit within that same month.

Jeffrey Coolidge / Getty Images

QuaDream’s flagship spyware, dubbed REIGN, worked much like NSO Group’s Pegasus spyware by installing itself on target devices without warning or need for user interaction. Once in place, it began gathering contact info, emails, messages from various messaging apps, and photos. According to a brochure acquired by Reuters, REIGN also offered call recording and camera/microphone activation.

QuaDream is suspected of using the same exploit as NSO Group because, according to sources, both spyware programs took advantage of similar vulnerabilities. They both also used a similar approach to installing malicious software, and Apple’s patch managed to stop both of them in their tracks.

While the zero-click vulnerability in iMessage has been addressed, effectively cutting off both Pegasus and REIGN, it’s not a permanent solution. As Reuters points out, smartphones are not (and will probably never be) completely secure from every conceivable form of attack.

#Surveillance #Firm #Caught #Hacking #iPhones

A Second Surveillance Firm Was Caught Hacking iPhones

Like NSO Group, QuaDream was installing spyware using zero-click vulnerability

In addition to NSO Group, a second surveillance firm was found to have been using the iPhone’s zero-click exploit to spy on users.

According to Reuters, the QuaDream firm was similarly using the zero-click exploit to spy on its targets without the need to trick them into downloading or clicking on anything. Sources allege that QuaDream began using this ForcedEntry exploit in iMessage that was first discovered in September 2021. Apple was quick to patch the exploit within that same month.

Jeffrey Coolidge / Getty Images

QuaDream’s flagship spyware, dubbed REIGN, worked much like NSO Group’s Pegasus spyware by installing itself on target devices without warning or need for user interaction. Once in place, it began gathering contact info, emails, messages from various messaging apps, and photos. According to a brochure acquired by Reuters, REIGN also offered call recording and camera/microphone activation.

QuaDream is suspected of using the same exploit as NSO Group because, according to sources, both spyware programs took advantage of similar vulnerabilities. They both also used a similar approach to installing malicious software, and Apple’s patch managed to stop both of them in their tracks.

While the zero-click vulnerability in iMessage has been addressed, effectively cutting off both Pegasus and REIGN, it’s not a permanent solution. As Reuters points out, smartphones are not (and will probably never be) completely secure from every conceivable form of attack.

#Surveillance #Firm #Caught #Hacking #iPhones


Synthetic: Vik News

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Back to top button