Five informed sources said that a second Israeli company exploited a loophole in Apple’s software, at the same time that the Israeli electronic intelligence group NSO was able to hack iPhones in 2021.
The sources said QuaDream, a smaller and less well-known company, is working on developing smartphone hacking tools for government clients.
And last year, the two rival companies gained the ability to remotely hack iPhones, according to the five sources, which means the two companies can put Apple’s phones at risk without their owners opening malicious links.
An expert said that two companies’ use of one advanced method known as “Zero Click” proves that phones are more vulnerable to effective digital spying tools than the phone industry admits.
“People want to think they’re safe, and phone companies want you to think they’re safe. And what we’ve realized is that it isn’t,” said Dave Itel, a partner at Cordyceps Systems, which specializes in cybersecurity.
Experts who have been analyzing the breaches of the “NSO Group” and the Qua Dream Company since last year believe that the two companies used very similar software methods known as “Forced Entry” to hack iPhone phones.
Three of the sources said analysts believed that the two companies’ hacking methods were similar because they both exploited the same vulnerabilities in Apple’s instant messaging platform and used a similar method to implant malware in target devices.
An Apple spokesperson declined to comment on Qua Dream or say if the company intends to take any steps with respect to this company.
Two sources familiar with the matter said that the similarities between the two companies’ hacking methods were so strong that their spyware became useless when Apple fixed the vulnerabilities in September 2021.
A spokeswoman for NSO said the company “has not cooperated” with Koa Dream, but that “the cyber-intelligence industry continues to grow rapidly globally.”
Apple sued NSO Group in November, accusing it of violating its terms of use and services agreement with its phones. The case is still in its early stages.
Spyware companies say they sell high-potential technology to help governments thwart threats to national security. However, human rights organizations and journalists have repeatedly proven that this software is used to attack civil society, undermine political opposition, and interfere in elections.