
Another Pegasus-like spyware tool called 'Reign' was used to spy on iPhones

Echoing NSO Group's Pegasus debacle, another spyware tool that could attack the iPhone was sold to governments, and has only now been discovered.

Spying software is often used by security agencies and governments to monitor individuals of interest. This was most famously demonstrated by the discovery of Pegasus, spyware by NSO Group that was sold and used to spy on political opponents, activists, and journalists.

While the Pegasus discussion has died down, it seems that NSO Group wasn't the only organization selling tools capable of surveilling an iPhone to interested parties.

A report from Citizen Lab based on analysis of samples shared by Microsoft Threat Intelligence revealed the existence of a spying tool that was very similar to Pegasus in many ways. Known as "Reign," the spyware by the Israeli company QuaDream offers ways for governments to, again, keep tabs on their potential opposition.

Much like Pegasus, Reign has been sold to governments including Singapore, Saudi Arabia, Mexico, and Ghana. It was pitched to others including Indonesia and Morocco.

The tool has also been used in at least five cases. To date it has been used against political opposition figures, journalists, and others in North America, Central Asia, Southeast Asia, Europe, and the Middle East.

Zero-click and devastating

Binaries scanned by the team reveal the spyware was deployed to target devices by using a suspected iOS 14 zero-click exploit, including against iOS 14.4 and iOS 14.4.2. The exploit, which researchers refer to as "Endofdays," used invisible iCloud calendar invitations sent to victims.

Once installed, Reign had a considerable amount of access to the various components of iOS and iPhone features, much like Pegasus did. This included:

  • Recording audio of calls
  • Recording the microphone
  • Taking photographs using cameras
  • Exfiltrating and removing items from the Keychain
  • Generating iCloud 2FA passwords
  • Searching through files and databases on the device
  • Tracking the device's location
  • Cleaning up traces of the software to minimize detection.

A self-destruct feature cleaned up the traces of the spyware, but also helped researchers identify if a victim was attacked using the surveillance tool.

A continuing privacy danger

QuaDream continues to operate. It managed to avoid being discovered for a considerable period of time because of efforts to avoid scrutiny.

The firm is also in a legal dispute with InReach, a Cyprus-based entity used to sell QuaDream's products outside of Israel. The dispute, over an apparent failure to transfer funds in 2019, helped researchers discover more about the companies, including their officers.

QuaDream is believed to have "common roots" with NSO Group, according to Citizen Lab, along with other companies within the Israeli commercial spyware industry, as well as intelligence agencies within the Israeli government.

Key individuals include a co-founder who is a former Israeli military official, as well as former NSO employees.

Citizen Lab says the report is "a reminder that the industry for mercenary spyware is larger than any one company, and that continued vigilance is required by researchers and potential targets alike."



9 Comments

lkrupp 19 Years · 10521 comments

Wait. What? Ohh, I thought this was a current exploit. My bad. But this should end the argument over whether Apple should allow users to downgrade iOS versions, whether Apple should be so aggressive in promoting upgrades to the latest versions, and end the “planned obsolescence” claims. But we all know it won’t so whatever.

avon b7 20 Years · 8046 comments

lkrupp said:
Wait. What? Ohh, I thought this was a current exploit. My bad. But this should end the argument over whether Apple should allow users to downgrade iOS versions, whether Apple should be so aggressive in promoting upgrades to the latest versions, and end the “planned obsolescence” claims. But we all know it won’t so whatever.

What? Just fix the problem in the same lineage it exists in! 

Have you ever considered the fact that yearly major updates are part of the problem? 

Fidonet127 5 Years · 598 comments

avon b7 said:
lkrupp said:
Wait. What? Ohh, I thought this was a current exploit. My bad. But this should end the argument over whether Apple should allow users to downgrade iOS versions, whether Apple should be so aggressive in promoting upgrades to the latest versions, and end the “planned obsolescence” claims. But we all know it won’t so whatever.
What? Just fix the problem in the same lineage it exists in! 

Have you ever considered the fact that yearly major updates are part of the problem? 

Have you considered major yearly updates are part of the solution? Some people assume yearly major updates are part of the problem without any evidence. Look at Windows 10, had none of what people consider major updates, yet some of those minor updates caused major issues. Windows 10 has had printer issues after updates. The March 2023 mandatory security update has caused blue screen of death and performance issues. With major updates, users expect changes that will likely cause problems and minor updates could but should not cause problems. With major updates, Apple has the opportunity to dump old code, enact new security and privacy methods that would be too drastic for point updates. Another example, been trying to get the manufacturer of my favorite game to support Macs better by moving to Metal and when ASi Macs came out, support native ASi code. They supported iPads and iPhones, so it wouldn't be that heavy lift. Then one day they came out with a point update that used Metal and ASi native code, trouble was they dropped support for previous Mac OS versions that didn't support ASi Macs. So you had people who bought that major version of the game, who can run Metal apps on their Mac, and the easier versions of that major release, but not the latest versions of that major release because they couldn't run the newest versions of Mac OS. It was a weird situation, however they have a new major version, which makes it clearer. Major versions bring in the funds and the excitement. Minor versions do not.

avon b7 20 Years · 8046 comments

avon b7 said:
lkrupp said:
Wait. What? Ohh, I thought this was a current exploit. My bad. But this should end the argument over whether Apple should allow users to downgrade iOS versions, whether Apple should be so aggressive in promoting upgrades to the latest versions, and end the “planned obsolescence” claims. But we all know it won’t so whatever.
What? Just fix the problem in the same lineage it exists in! 

Have you ever considered the fact that yearly major updates are part of the problem? 
Have you considered major yearly updates are part of the solution? Some people assume yearly major updates are part of the problem without any evidence. Look at Windows 10, had none of what people consider major updates, yet some of those minor updates caused major issues. Windows 10 has had printer issues after updates. The March 2023 mandatory security update has caused blue screen of death and performance issues. With major updates, users expect changes that will likely cause problems and minor updates could but should not cause problems. With major updates, Apple has the opportunity to dump old code, enact new security and privacy methods that would be too drastic for point updates. Another example, been trying to get the manufacturer of my favorite game to support Macs better by moving to Metal and when ASi Macs came out, support native ASi code. They supported iPads and iPhones, so it wouldn't be that heavy lift. Then one day they came out with a point update that used Metal and ASi native code, trouble was they dropped support for previous Mac OS versions that didn't support ASi Macs. So you had people who bought that major version of the game, who can run Metal apps on their Mac, and the easier versions of that major release, but not the latest versions of that major release because they couldn't run the newest versions of Mac OS. It was a weird situation, however they have a new major version, which makes it clearer. Major versions bring in the funds and the excitement. Minor versions do not.

There is little to consider. 

We are talking major, zero click exploits here. They should be fixed within the same lineage. They are bugs after all. 

Major updates on a yearly cycle are beyond most companies. They introduce deadlines that cannot be met reasonably. Apple is no exception and code quality has probably suffered badly over the last decade even with the improvements. Only Apple can know for sure but external evidence points to some very buggy iOS releases.

Trying to flip the tortilla by saying it allows Apple to eliminate crud doesn't resolve the problem. 

I've seen some drafts from the EU which cover software support in an upcoming directive. If approved as is, device manufacturers will have to state on the box how long software support will be and the EU will set a minimum. Software/firmware updates that add new functionality will be user reversible as will updates that reduce performance. 

It's worth pointing out that in terms of security updates Apple is pretty good at getting solutions out but making them part of major updates has always been a problem. It is by definition because major updates introduce major plumbing changes. Apple also took way too long to introduce bug bounty programmes.