Low Profile NSO Group Rival QuaDream Sells Pegasus-Like Spyware to Break Into iPhones

Desperate plan called for using NSA data to keep Trump in office, Russia-linked gang reportedly responsible for attacks on energy companies, Administration unveils Cyber Safety Review board, more

Check out my latest column in CSO Online that walks through the just-announced Cyber Safety Review Board and explains why the NTSB is an imperfect analogy for this new government body.

Five sources said that a flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a lower profile competing company called QuaDream.

The Israeli QuaDream, which, like NSO Group, develops smartphone hacking tools intended for government clients, gained the same ability last year to remotely break into iPhones using a zero-click compromise. Both NSO and QuaDream leverage the same vulnerabilities in Apple’s instant messenger, and both use the same powerful exploit known as ForcedEntry, to hijack iPhones.

Both versions of ForcedEntry are so similar that when Apple fixed the underlying flaws in September 2021, it rendered both NSO and QuaDream’s spy software ineffective. Like NSO’s Pegasus spyware, QuaDream’s flagship product called REI…