The Citizen Lab at the Munk College of the University of Toronto has uncovered another dangerous spyware tool that has been sold to governments around the world. Reign, developed by Israeli company QuaDream, shares destructive capabilities similar to Pegasus, which was infamous for its use in spying on political adversaries, activists, and journalists. Reign is capable of infecting devices and transmitting data without the user’s knowledge.
Reign has been sold to governments, including Singapore, Saudi Arabia, Mexico, and Ghana, with others like Indonesia and Morocco being pitched as potential buyers. The spyware has been used to monitor political opposition figures, journalists, and others in various regions, including North America, Central Asia, Southeast Asia, Europe, and the Middle East.
Reign uses iOS 14 zero-click exploit
According to Citizen Lab’s analysis, Reign was deployed using a suspected iOS 14 zero-click exploit, dubbed “Endofdays.” This allowed the spyware to infect devices without any interaction or input from the user. The exploit used invisible iCloud calendar invitations sent to victims, making it difficult to detect.Once Reign is installed on a device, it grants a significant amount of access to iOS and iPhone components, similar to Pegasus. These components include:
- Recording audio of calls
- Recording audio from the microphone
- Taking photos with the camera
- Exfiltrating and removing items from the Keychain
- Generating iCloud 2FA passwords
- Searching through files and databases on the device
- Tracking the device’s location
- Cleaning up traces of the software to avoid detection
Reign also includes a self-destruct feature that removes traces of the spyware, but this feature also helps researchers to identify if a victim was attacked using the surveillance tool.
The Israeli company QuaDream, which created the Reign spyware tool, has managed to evade detection by actively hiding its operations. However, a legal dispute with InReach, a Cyprus-based entity that sells QuaDream’s products outside of Israel, has provided researchers with crucial insights into the company’s officers and operations. According to the report by Citizen Lab, QuaDream shares common roots with NSO Group and other entities within the Israeli commercial spyware industry and government intelligence agencies.
The findings underscore the need for ongoing scrutiny of the mercenary spyware industry, which is far larger than any single company. Researchers and potential targets must remain vigilant in the face of such threats, which can compromise privacy, freedom of speech, and democratic institutions.
You can follow Smartprix on Twitter, Facebook, Instagram, and Google News. Visit smartprix.com for the most recent news, reviews, and tech guides.
