Yet another Israeli malware maker found selling to human rights abusers, targeting iPhones


from quite-the-homebrew-industry-you-go-there-israel department

Exploit developer NSO Group may be swallowing the negative spotlight these days, but let’s not forget that the company has plenty of competition. The blacklisting of NSO by the US government came with a simultaneous blacklisting of malware vendor Candiru, another Israeli company with a long list of dodgy customers including Uzbekistan, Saudi Arabia, United Arab Emirates and Singapore.

There is now another name to add to the list of NSO-alikes. And (perhaps not oddly enough) this company also calls Israel home. Reuters was the first to report on this NSO competitor’s ability to stay competitive in the international malware race.

A flaw in Apple’s software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.

QuaDream, the sources said, is a smaller, more discreet Israeli company that also develops smartphone hacking tools for government customers.

Like NSO, QuaDream sold a “zero click” exploit that could completely compromise a target’s phone. We use the past tense not because QuaDream no longer exists, but because that particular exploit (the basis of NSO’s FORCEDENTRY) has been rendered useless by Apple.

But, like other NSO competitors (looking at you, Candiru), QuaDream has no interest in providing statements, a friendly public face for journalist inquiries, or even a public-facing website. Its Tel Aviv office apparently has no occupants, and email inquiries from Reuters were ignored.

QuaDream doesn’t have much of a web presence. But that is changing, thanks to this report, which builds on earlier reporting on the company by Haaretz and Middle East Eye. But even the previous report doesn’t go back that far: June 2021. This report shows that the company is selling a hacking tool called “Reign” to the Saudi government. But this sale was not made directly, apparently in an effort to distance QuaDream further from the product being sold and the government to which it sold it.

According to Haaretz, Reign is sold by Quadream’s Cyprus-based sister company InReach Technologies, while Quadream runs its research and development operations from an office in Tel Aviv’s Ramat Gan neighborhood.

[…]

InReach Technologies, its sales front in Cyprus, according to Haaretz, could be used to fly under the radar of Israel’s defense export regulator.

Reign is apparently the equivalent of NSO’s Pegasus, another powerful no-click exploit that still seems capable of hacking most iPhone models. But it is not a true equivalent. According to this report, the tool can be rendered useless by a single system software update and, perhaps more importantly, cannot be stopped remotely by the entity deploying it if the infection is discovered by the target. This means that targeted users have the opportunity to learn a lot about the exploit, its deployment, and possibly its origin.

That being said, it’s not cheap:

A QuaDream system, which would have given customers the ability to launch 50 smartphone heists a year, was offered for $2.2 million excluding maintenance costs, according to the 2019 brochure. Two people familiar with sales of the software said that REIGN’s price was generally higher.

With more companies in the mix (and more scrutiny from entities like Citizen Lab), it’s only a matter of time before reports linking NSO’s competitors to human rights abuses and the indiscriminate targeting of political enemies threaten to make QuaDream and Candiru household names. And, again, it’s time to point out that all of this could have been avoided by refusing to sell powerful hacking tools to human rights abusers who were obviously going to use spyware to target critics, dissidents, journalists, ex-wives, etc. QuaDream has opted to sell to countries like Saudi Arabia, Singapore, and Mexico, which pretty much guarantees that reports of abusive deployment will surface in the future.

Filed Under: exploits, Israel, malware, surveillance, zero days
Companies: nso group, quadream