The Citizen Lab, an organization specializing in electronic security, and Microsoft revealed that the UAE used spyware and hacking tools produced by an Israeli company to hack the phones of journalists, dissidents, and human rights organizations.
The report stated that it identified a few civil society victims whose iPhones were hacked using monitoring software developed by the Israeli company QuaDream, a lesser-known competitor to NSO, the spyware company that the US government blacklisted due to its involvement in hacking human rights activists and opponents of authoritarian regimes.
QuaDream is one of several offensive cyber companies operating out of Israel that develop iPhone hacking tools for government clients.
According to the cybersecurity laboratory, tracing the servers used by QuaDream back to their operators shows that the hacking tools were used in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the UAE and Uzbekistan.
Citizen Lab stated that it had developed tools that “enabled it to identify at least five civil society victims of QuaDream spyware and tools; among the victims were journalists, opposition political figures and an NGO worker.”
“We will not name the victims at this stage,” the lab said. However, it said that the Israeli company’s hacking tools rely on “zero-click” technology, meaning an attack that requires no clicks from the target, and target the iOS 14 operating system, including iOS 14.4 and 14.4.2 and possibly other versions.
In a report published in conjunction with the Citizen Lab report, Microsoft said that it believes with “high confidence” that the spyware is “strongly associated with QuaDream.”
Microsoft executive Amy Hogan-Burney said in a statement that mercenary hacking groups such as QuaDream are “thriving in the shadows” and that exposing them “is necessary to stop this activity.”
According to Citizen Lab, QuaDream has partnered with a Cypriot company called InReach, which is currently in a legal dispute. In addition, it pointed out that “many key individuals associated with both companies have previous contacts with another provider of spy services (Verint) in addition to Israeli intelligence agencies.”
In its early years, QuaDream was marketed by InReach Corporation, which is registered as one of the company’s owners. The aim of using the Cypriot company was to circumvent the supervision of the Israeli Ministry of Security on security exports, as a Cypriot company is not subject to such supervision and is not obligated to register with the Ministry of Security as an exporter of security products.
Three Israelis founded QuaDream in 2016: Guy Geva, Nimrod Rinsky and Ilan Dablestein, the last of whom was an officer in the Israeli Military Intelligence Division. Avi Rabinowitz is the company’s general manager.
The hacking tool developed by QuaDream is called “Reign”, similar to NSO’s Pegasus. The vulnerability that the spyware exploits, now revealed for the first time, is a hack of Apple’s digital calendar service, iCloud Calendar, which allows attackers to send a fake call to the phone and thus gain access to it.
QuaDream shows its customers the hacking tool Reign, which can hack iPhones without the device holder needing to click on any link, while an Android device holder needs to click once on a link sent to the phone.
According to the information that QuaDream provides to its customers, it is possible to extract any imaginable information from the phone, even information that is no longer on it. This includes stealing any documents or information from the phone, such as pictures, videos, emails, and WhatsApp or Telegram messages, as well as turning on the camera, microphone and GPS to spy on the phone holder.