A new report claims that an NSO Group rival, a lower-profile firm called QuaDream, had also exploited an iPhone flaw that allowed its customers to remotely hack smartphones.
NSO Group's Pegasus hacking tool has been under such increased pressure that its makers considered shutting it down. At the same time as foreign governments — and the FBI — were buying Pegasus, though, there was a lesser-known alternative.
According to Reuters, five unnamed sources have confirmed the existence of QuaDream, a second Israeli spyware company. The sources say that QuaDream gained the same ability to compromise iPhones as Pegasus, at around the same time that the NSO Group did.
In a written statement to Reuters, an NSO Group spokesperson said that the company "did not cooperate" with QuaDream. However, the spokesperson noted that "the cyber intelligence industry continues to grow rapidly globally."
QuaDream was founded in 2016 and its main hacking software was an app called "Reign." According to thursday's report, in 2019 the company advertised the ability to hack 50 smartphones per year for a fee of $2.2 million, plus a maintenance fee.
Unknown higher fees reportedly added options such as "real time call recordings," plus both camera and microphone activation.
While QuaDream and the NSO Group reportedly developed their spyware independently, they both exploited the same ForcedEntry iPhone vulnerability. When Apple patched the flaw specifically to block the NSO Group, it also blocked QuaDream's system.
The security hole that both NSO Group and QuaDream were using was patched in iOS 14.8. It's not clear if they have any iOS 15 attack surfaces.