A Reuters report recently discovered that two competing Israeli surveillance firms have been abusing a vulnerability in Apple’s software to break into iPhones since last year, one of which has allegedly been working with the Singapore Government.
QuaDream, the firm in question, uses a "sophisticated hacking technique" to gain unauthorised access to iPhones without the owner needing to click a malicious link. Aptly called "zero-click", the exploit essentially gives the firm and its clients the ability to spy on unsuspecting iPhone owners that they target.
Cybersecurity analysts believe that QuaDream’s exploits leverage vulnerabilities hidden inside Apple's instant messaging platform, and the firm’s zero-click capabilities are just about the same as NSO’s, its rival surveillance firm.
QuaDream was established in 2016 by Israeli military official Ilan Dabelstein and by two former NSO employees Guy Geva and Nimrod Reznik, according to Reuters’ findings. The firm’s flagship product is called REIGN, spyware that could remotely take control of a smartphone and steal private data, including instant messages, emails, texts, photos and contacts.
The report further claims that one of the firm’s offerings, a system that allows customers to launch 50 smartphone break-ins per year, is priced at US$2.2 million (S$3 million). The price of REIGN, however, is said to be much higher.
The Singapore Government was one of QuaDream’s first clients, as Reuters’ sources point out, though no specifics were given about the business arrangement. QuaDream’s other clients include Saudi Arabia and Mexico. Reuters said that a pitch was also made to the Indonesian government, but it’s unclear whether anything came of it.
Reuters said it has taken efforts to reach QuaDream for comment, repeatedly messaging the aforementioned executives, but they have yet to hear back from anyone. A reporter was also sent to the firm’s office in Tel Aviv, but no one answered the door. The news organisation itself noted that QuaDream keeps a low profile, operating without a website and asking its employees to keep any references to the firm off social media.
Apple was also asked for a comment. but a spokesperson for the iPhone firm declined. So it’s not known, as of writing, whether Apple plans to eventually fix the vulnerabilities.
No one from the government offices involved returned Reuters’ request for a comment as well.
The Singapore Government is allegedly one of the first customers of QuaDream, an Israeli surveillance firm that abuses vulnerabilities in Apple's software to break into iPhones, according to a Reuters report.
QuaDream uses a “sophisticated hacking technique" to gain unauthorised access to users' iPhones without the need to click on any links.
Reuters claims that QuaDream keeps a low profile despite working with government clients, which include Saudi Arabia and Mexico.
The surveillance firm also pitched its systems to Indonesia, but it's unclear whether a deal was struck.