In addition to NSO Group, a second surveillance company was discovered using the iPhone zero-click exploit to spy on users.
How Law Enforcement Breaks Into iPhones
According to Reuters, a company called QuaDream similarly used the zero-click exploit to spy on its targets without having to trick them into downloading or clicking anything. Sources claim that QuaDream started using this ForcedEntry exploit in iMessage, which was first discovered in September 2021. Apple was quick to patch the exploit that same month.
QuaDream's flagship spyware, dubbed REIGN, worked much like NSO Group's Pegasus spyware by installing itself on target devices without warning or need for user interaction. Once installed, it began collecting contact information, emails, messages from various messaging apps, and photos. According to a brochure obtained by Reuters, REIGN also offered call recording and camera/microphone activation.
QuaDream is suspected of using the same exploit as NSO Group, as sources say both spyware programs took advantage of similar vulnerabilities. They also both used similar approaches to install malicious software, and Apple's patch stopped them both.