A company called QuaDream “weaponized” iPhone security holes and sold them to the government. Thus, in addition to NSO Group, QuaDream is the second company that has exploited the vulnerability on iPhone to penetrate and track users, this vulnerability is sold by order of a number of organizations.
NSO Group and QuaDream It is considered that two rival companies have jointly discovered a vulnerability that exists on the iPhone and can exploit and infiltrate data without the user having to click on a malicious link or lose any action. what (Zero click).
Exploiting Zero-click vulnerability from iMessage feature can be used to penetrate iOS operating system on iPhone and install spyware that allows attackers to get a lot of information such as contacts, emails, files. , messages and photos, and access to your phone’s Camera and microphone.
Spyware of QuaDreamnamed REIGN works in the same way as software Pegasus of NSO Group, giving Hacker full control over the device. Once discovered, Apple released the September 2021 patch for iOS 14.8 and then sued NSO Group for abusing the exploit to attack iPhones with surveillance software.
According to The New York Times, which published a number of open reports, Pegasus spyware has been used by the US Intelligence Agency (CIA) to fight terrorism in Djibouti, as well as a number of countries that have purchased Pegasus for the purpose. User tracking destination like: India, Mexico, Saudi Arabia and UAE
The year-long investigation also revealed that the US Federal Bureau of Investigation (FBI) “had purchased and tested NSO Group software for many years with plans to use it for domestic surveillance”, however. After testing, the FBI decided not to use.
Earlier this week, the FBI confirmed to The Washington Post that it had indeed obtained a license to use the tool and tested its capabilities on phones using foreign SIM cards. However, the agency added that it uses the product “only for product testing and evaluation,” and that it has never used it in operation or to assist with any investigation.
NSO Group, also blocked by the US government in November 2021, when its spyware was abused for political purposes targeting diplomats and government officials in Finland, Poland and the US .
Over the years, QuaDream and NSO Group have recruited a number of technical talents to find ways to hack iPhone. Those sources said the two companies did not cooperate with each other on iPhone hacks, they devised their own ways to take advantage of the vulnerabilities.
Some of QuaDream’s customers have also purchased NSO products such as Saudi Arabia and Mexico – both of which are accused of abusing spyware to target political opponents.
One of QuaDream’s first customers is the Singapore government, whose surveillance technology has also been introduced to the Indonesian government. However, it has not been determined whether Indonesia will become a customer of QuaDream or not.
When Apple patched a special vulnerability to block NSO Group, QuaDream’s software was also disabled.
The security hole that both NSO Group and QuaDream are using has been patched in iOS 14.8. It is not clear with the latest iOS 15.3 whether there are any security holes.