Spyware developed by an Israeli company is blamed for hacking that targeted journalists and opposition political figures around the world through an insidious method.
The company is QuaDream, and its product was announced by researchers at the Citizen Lab at the University of Toronto’s Munk School. The spyware is spread through a simple iCloud invitation sent to mobile users from the operators of the program.
NEW 🚨 New Israeli spyware targets journalists, politicians, according to watchdog — QuaDream's spyware can record audio from a phone call, record external sounds from a device's microphone, take pictures from cameras, and search the device's files, all without the user's… pic.twitter.com/C6aDmykPdS
— Insider Paper (@TheInsiderPaper) April 11, 2023
The trick is that the invitation is for a past event, so the user, who is likely to be a government client, is not notified through their mobile device. Thus, the spyware is invisible.
This category of spyware is known among hackers as “zero-click” since the user does not have to click on any dangerous link or take any other action on their mobile device in order to activate the software.
The Canadian watchdog reports the spyware is similar to the infamous Pegasus program and has been used to target journalists across the globe. Developer QuaDream Ltd. is owned by a former Israeli military official.
The hacking tool is marketed under the name Reign, and attacks on personal information of journalists and others occurred between 2019 and 2021, according to the Citizen Lab report.
U.S. authorities are specifically targeting producers of advanced cyberweapons, such as NSO Group. But newer instruments of cyberwarfare such as Reign pose a similarly dangerous threat.
When the spyware is present in a mobile phone, a QuaDream client may record conversations that take place near the device through control of the phone’s recorder. They may also access messages from encrypted apps, eavesdrop on phone conversations, and track the user’s location.
Researchers discovered that Reign is capable of producing two-factor authentication codes to gain access to an iPhone user’s iCloud services.
Apple, which touts its protections as some of the world’s best, said that iOS security is constantly advancing and noted that the hacking has not been detected since 2021.
The company emphasized that the attacks described in the Citizen Lab report are extremely expensive to develop and may only be used for a short time. They are deployed against specific targets “because of who they are or what they do.”