Flogging an undead horse
As we noted in a previous blog, although the NSO group is now on the US Department of Commerce “Entity List for Malicious Cyber Activities” and the subject of lawsuits filed by Apple and Facebook, with the support of major tech firms, its sinister creation – Pegasus – continues to make the news and this time it is Israeli citizens that are up in arms. The Guardian newspaper reports that Israeli police used Pegasus to conduct warrantless surveillance of cellphones belonging to opponents of former prime minister Benjamin Netanyahu, former government employees and other prominent people. The police deny warrantless intercepts but refuse to discuss Pegasus.
In Israel, as in many jurisdictions, the police are required to seek a court order but loopholes may exist as the Pegasus software isn’t covered by existing laws – and whilst foreign entities are prohibited from targeting Israeli phones from overseas, a domestic agent such as the Israeli police may have no such constraints.
Watch out for Reign!
As if we hadn’t heard enough about “zero-click” spyware already, another one – Reign – pops up in a Reuters exclusive report. It seems another Israeli company, QuaDream, developed an alarmingly similar software to Pegasus, again with the ability to compromise the smartphones of unwitting owners. Until now, QuaDream has managed to avoid the limelight – and the lawsuits – and although NSO and QuaDream are not thought to collaborate, sources suggest they may have employed the same software engineers and some point. It is thought both companies used an iMessage exploit on iPhones known as ForcedEntry to infect smartphones. Once Apple fixed the iMessage vulnerability in September last year both Pegasus and Reign were rendered ineffective. It has been reported that the Singapore government was one of QuaDream’s first clients around 2019 (although you won’t find that in the Straits Times print edition). Mexico, Saudi Arabia and Indonesia are also thought to be QuaDream clients as well as NSO clients.
Keep your comms secure
For now and the foreseeable future Pegasus, Quadream and others as yet under the radar will live on, and while they do no phone is safe. The only way to keep your sensitive calls and messaging hidden from sophstcated spyware is to use a highly encrypted subscription-based app trusted by governments, law firms and multinationals worldwide. Get in touch with Xione for more information.
