
Pegasus has found its successor: new malware spies on journalists and political opponents

A recent Citizen Lab report reveals that another Pegasus-like spyware is still spying on the iPhones of politicians and journalists around the world. Called Reign, it works in the same way as its counterpart, recording audio calls and tracking the victim's geolocation. Several countries continue to use it today.


It has been over a year since Pegasus hit the headlines. The scandal was far-reaching: NSO, an Israeli company, had sold spyware to several governments, which used it to infect the iPhones of various journalists, political opponents and members of NGOs. The West was not spared by the affair either. In France, at least 5 ministers were affected by the spyware. Boris Johnson himself was not spared.

Since then, the affair has died down somewhat, following the deep restructuring of NSO and the departure of its CEO. But a recent report from Citizen Lab has just reignited it. According to the cybersecurity firm, the use of spyware by governments is far from over. On the contrary: a new spyware has taken over from Pegasus.

Reign, the spiritual successor to Pegasus, alarms governments

Once again, an Israeli company, called QuaDream, is behind it. Like NSO, it sells spyware, called Reign, to various governments, making no secret of its purpose: to spy on their political opponents. And, just like Pegasus, Reign exploits a security flaw in iOS 14, more precisely iOS 14.4 and iOS 14.4.2, to achieve its ends.


The flaw, dubbed Endofdays by Citizen Lab, relies on an iCloud calendar event invitation sent to the targets. When the invitation is opened, the spyware is installed on the target's iPhone and carries out several spying operations. These include recording audio calls and the microphone, taking photos, downloading confidential files and tracking geolocation.


Reign is also particularly dangerous because it is (almost) totally untraceable. It is able to generate two-factor authentication keys to access its victim's protected accounts, then erase any sign of its presence once it has done its work. Ironically, it is precisely this last feature that allowed researchers at Citizen Lab to discover the existence of the spyware.

Reign is still used worldwide

According to Citizen Lab, Reign currently has a presence in several countries, including Singapore, Saudi Arabia, Mexico, and Ghana. Other states, such as Indonesia and Morocco, are reportedly considering using it. Citizen Lab has also traced the presence of the software in at least 5 cases, in several regions of the globe, targeting journalists in particular as well as figures opposed to the regime in place.

Unlike NSO, which refused to sell Pegasus after the scandal broke, QuaDream continues to market Reign. In addition, Citizen Lab hypothesizes that the two companies are related: several employees of the firm previously worked at NSO. Moreover, one of the co-founders of QuaDream is a former member of the Israeli military, which points to possible links with the army.

“The mercenary spyware industry is larger than any business, and researchers and potential targets alike must remain vigilant,” says Citizen Lab. As a reminder, France is reportedly also working on its own spyware, in response to the operations carried out against the government with the NSO spyware.

Source: CitizenLab
