The vulnerabilities in iMessage that NSO Group used to hack iOS devices were simultaneously deployed by a competing spyware maker. Reuters reports this based on its own sources.
According to Reuters, the vulnerabilities were used by QuaDream, an Israeli surveillance company that develops and sells spyware to governments, as well as NSO Group. QuaDream and NSO Group began using the vulnerabilities to remotely hack into iPhones last year. They specifically used a ‘zero-click’ in iOS called ForcedEntry for this. This allowed hackers to gain access to an iPhone by sending a special iMessage message, without requiring interaction from the victim. Those vulnerabilities have been patched in iOS 14.8.
QuaDream and NSO Group allegedly exploited “many of the same vulnerabilities” in Apple’s messaging service and used a similar method to install their spyware on victims’ devices. A security researcher at Canada’s Citizen Lab, which discovered the ForcedEntry exploit, tells Reuters that QuaDream’s spyware was “on par” with NSO Group’s spy software.
A spokesperson for NSO Group told Reuters that the company has not cooperated with QuaDream in developing spyware. QuaDream has not responded. Apple also declined to comment to Reuters and could not say what action Apple might take against QuaDream. Late last year, Apple sued NSO Group for its use of the ForcedEntry exploit. Through the court, Apple wants to enforce that the spyware maker is no longer allowed to use Apple’s software, services and devices. The company did this after NSO Group’s espionage software was discredited several times; journalists, businessmen, politicians and human rights activists, among others, have been alleged to have been targeted by espionage via the company’s spyware.