A Second Surveillance Firm Was Caught Hacking iPhones GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Phones

A Second Surveillance Firm Was Caught Hacking iPhones

Like NSO Group, QuaDream was installing spyware using zero-click vulnerability

By Rob Rich Rob Rich News Reporter College for Creative Studies Rob is a freelance tech reporter with experience writing for a variety of outlets, including IGN, Unwinnable, 148Apps, Gamezebo, Pocket Gamer, Fanbolt, Zam, and more. lifewire's editorial guidelines Published on February 3, 2022 11:51AM EST Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Phones Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming In addition to NSO Group, a second surveillance firm was found to have been using the iPhone's zero-click exploit to spy on users. According to Reuters, the QuaDream firm was similarly using the zero-click exploit to spy on its targets without the need to trick them into downloading or clicking on anything. Sources allege that QuaDream began using this ForcedEntry exploit in iMessage that was first discovered in September 2021. Apple was quick to patch the exploit within that same month. Jeffrey Coolidge / Getty Images QuaDream's flagship spyware, dubbed REIGN, worked much like NSO Group's Pegasus spyware by installing itself on target devices without warning or need for user interaction. Once in place, it began gathering contact info, emails, messages from various messaging apps, and photos. According to a brochure acquired by Reuters, REIGN also offered call recording and camera/microphone activation. QuaDream is suspected of using the same exploit as NSO Group because, according to sources, both spyware programs took advantage of similar vulnerabilities. They both also used a similar approach to installing malicious software, and Apple's patch managed to stop both of them in their tracks. While the zero-click vulnerability in iMessage has been addressed, effectively cutting off both Pegasus and REIGN, it's not a permanent solution. As Reuters points out, smartphones are not (and will probably never be) completely secure from every conceivable form of attack. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire What Is Spyware? Plus, How to Protect Yourself Against It Does Windows 10 Need Antivirus Protection? 12 Best Free Spyware Removal Tools (October 2022) Browser Hijackers: What They Are and How to Protect Yourself From Them 7 Ways to Tell If Your Phone Is Being Tapped How to Install a Second SSD How to Secure Your Webcam in One Minute or Less 9 Best Ways to Hide Your Identity Online The 6 Best Free Malware Removal Tools of 2022 How Does Spyware Get Onto Your Computer or Phone? What to Do on iPhone to Stop Government Spying What Are Packet Sniffers and How Do They Work? 5 Best Spy Camera Apps for 2022 How to Secure Your IP Security Cameras 5 MacBook Security Tips - Internet / Network Security What Is a Network Sniffer? Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies