Yet Another Israeli Malware Manufacturer Found Selling To Human Rights Abusers, Targeting iPhones

from the quite-the-homebrew-industry-you've-got-going-there,-Israel dept

Exploit developer NSO Group may be swallowing up the negative limelight these days, but let's not forget the company has plenty of competitors. The US government's blacklisting of NSO arrived with a concurrent blacklisting of malware purveyor, Candiru -- another Israeli firm with a long list of questionable customers, including Uzbekistan, Saudi Arabia, United Arab Emirates, and Singapore.

Now there's another name to add to the list of NSO-alikes. And (perhaps not oddly enough) this company also calls Israel home. Reuters was the first to report on this NSO's competitor's ability to stay competitive in the international malware race.

A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.

QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients.

Like NSO, QuaDream sold a "zero-click" exploit that could completely compromise a target's phones. We're using the past tense not because QuaDream no longer exists, but because this particular exploit (the basis for NSO's FORCEDENTRY) has been patched into uselessness by Apple.

But, like other NSO competitors (looking at you, Candiru), QuaDream has no interest in providing statements, a friendly public face for inquiries from journalists, or even a public-facing website. Its Tel Aviv office seemingly has no occupants and email inquiries made by Reuters have gone ignored.

QuaDream doesn't have much of a web presence. But that's changing, due to this report, which builds on earlier reporting on the company by Haaretz and Middle East Eye. But even the earlier reporting doesn't go back all that far: June 2021. That report shows the company selling a hacking tool called "Reign" to the Saudi government. But that sale wasn't accomplished directly, apparently in a move designed to further distance QuaDream from both the product being sold and the government it sold it to.

According to Haaretz, Reign is being sold by InReach Technologies, Quadream's sister company based in Cyprus, while Quadream runs its research and development operations from an office in the Ramat Gan district in Tel Aviv.

[...]

InReach Technologies, its sales front in Cyprus, according to Haaretz, may be being used in order to fly under the radar of Israel’s defence export regulator.

Reign is apparently the equivalent of NSO's Pegasus, another powerful zero-click exploit that appears to still be able to hack most iPhone models. But it's not a true equivalent. According to this report, the tool can be rendered useless by a single system software update and, perhaps more importantly, cannot be remotely terminated by the entity deploying it, should the infection be discovered by the target. This means targeted users have the opportunity to learn a great deal about the exploit, its deployment, and possibly where it originated.

That being said, it's not cheap:

One QuaDream system, which would have given customers the ability to launch 50 smartphone break-ins per year, was being offered for $2.2 million exclusive of maintenance costs, according to the 2019 brochure. Two people familiar with the software's sales said the price for REIGN was typically higher.

With more firms in the mix -- and more scrutiny from entities like Citizen Lab -- it's only a matter of time before information linking NSO competitors to human rights abuses and indiscriminate targeting of political enemies threatens to make QuaDream and Candiru household names. And, once again, it's time to point out this all could have been avoided by refusing to sell powerful hacking tools to human rights abusers who were obviously going to use the spyware to target critics, dissidents, journalists, ex-wives, etc. That QuaDream chose to sell to countries like Saudi Arabia, Singapore, and Mexico pretty much guarantees reports of abusive deployment will surface in the future.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: exploits, israel, malware, surveillance, zero days
Companies: nso group, quadream