A flaw in Apple’s software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients.
The two rival businesses gained the same ability last year to remotely break into iPhones, according to the five sources, meaning that both firms could compromise Apple phones without an owner needing to open a malicious link. That two firms employed the same sophisticated hacking technique – known as a “zero-click” – shows that phones are more vulnerable to powerful digital spying tools than the industry will admit, one expert said.
“People want to believe they’re secure, and phone companies want you to believe they’re secure. What we’ve learned is, they’re not,” said Dave Aitel, a partner at Cordyceps Systems, a cybersecurity firm.
Experts analyzing intrusions engineered by NSO Group and QuaDream since last year believe the two companies used very similar software exploits, known as ForcedEntry, to hijack iPhones.
An exploit is computer code designed to leverage a set of specific software vulnerabilities, giving a hacker unauthorized access to data.
The analysts believed NSO and QuaDream’s exploits were similar because they leveraged many of the same vulnerabilities hidden deep inside Apple’s instant messaging platform and used a comparable approach to plant malicious software on targeted devices, according to three of the sources.
Bill Marczak, a security researcher with digital watchdog Citizen Lab who has been studying both companies’ hacking tools, told Reuters that QuaDream’s zero-click capability seemed “on par” with NSO’s.
Reuters made repeated attempts to reach QuaDream for comment, sending messages to executives and business partners. A Reuters journalist last week visited QuaDream’s office, in the Tel Aviv suburb of Ramat Gan, but no one answered the door. Israeli lawyer Vibeke Dank, whose email was listed on QuaDream’s corporate registration form, also did not return repeated messages.
An Apple spokesman declined to comment on QuaDream or say what if any action they planned to take with regard to the company.
ForcedEntry is viewed as “one of the most technically sophisticated exploits” ever captured by security researchers.
So similar were the two versions of ForcedEntry that when Apple fixed the underlying flaws in September 2021 it rendered both NSO and QuaDream’s spy software ineffective, according to two people familiar with the matter.
In a written statement, an NSO spokeswoman said the company “did not cooperate” with QuaDream but that “the cyber intelligence industry continues to grow rapidly globally.”
Apple sued NSO Group over ForcedEntry in November, claiming that NSO had violated Apple’s user terms and services agreement. The case is still in its early stages.
In its lawsuit, Apple said that it “continuously and successfully fends off a variety of hacking attempts.” NSO has denied any wrongdoing.
Spyware companies have long argued they sell high-powered technology to help governments thwart national security threats. But human rights groups and journalists have repeatedly documented the use of spyware to attack civil society, undermine political opposition, and interfere with elections.
Apple notified thousands of ForcedEntry targets in November, making elected officials, journalists, and human rights workers around the world realize they had been placed under surveillance.
In Uganda, for example, NSO’s ForcedEntry was used to spy on U.S. diplomats, Reuters reported .
In addition to the Apple lawsuit, Meta’s WhatsApp is also litigating over the alleged abuse of its platform. In November, NSO was put on a trade blacklist by the U.S. Commerce Department over human rights concerns.
Unlike NSO, QuaDream has kept a lower profile despite serving some of the same government clients. The company has no website touting its business and employees have been told to keep any reference to their employer off social media, according to a person familiar with the company.
REIGN
QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik, according to Israeli corporate records and two people familiar with the business. Reuters could not reach the three executives for comment.
Like NSO’s Pegasus spyware, QuaDream’s flagship product – called REIGN – could take control of a smartphone, scooping up instant messages from services such as WhatsApp, Telegram, and Signal, as well as emails, photos, texts and contacts, according to two product brochures from 2019 and 2020 which were reviewed by Reuters.
REIGN’s “Premium Collection” capabilities included the “real time call recordings”, “camera activation – front and back” and “microphone activation”, one brochure said.
Prices appeared to vary. One QuaDream system, which would have given customers the ability to launch 50 smartphone break-ins per year, was being offered for $2.2 million exclusive of maintenance costs, according to the 2019 brochure. Two people familiar with the software’s sales said the price for REIGN was typically higher.
Over the years, QuaDream and NSO Group employed some of the same engineering talent, according to three people familiar with the matter. Two of those sources said the companies did not collaborate on their iPhone hacks, coming up with their own ways to take advantage of vulnerabilities.
Several of QuaDream’s buyers have also overlapped with NSO’s, four of the sources said, including Saudi Arabia and Mexico – both of whom have been accused of misusing spy software to target political opponents.
One of QuaDream’s first clients was the Singaporean government, two of the sources said, and documentation reviewed by Reuters shows the company’s surveillance technology was pitched to the Indonesian government as well. Reuters couldn’t determine if Indonesia became a client.
Mexican, Singaporean, Indonesian and Saudi officials did not return messages seeking comment about QuaDream.
(Reporting by Christopher Bing and Raphael Satter in Washington. Joseph Menn in San Francisco, Nir Elias in Ramat Gan, Israel, Dan Williams in Jerusalem, and Michele Kambas in Nicosia, Cyprus contributed reporting. Editing by Chris Sanders and Edward Tobin)
Montreal Alouettes wide receiver Tyson Philpot has announced he will be out for the rest of the CFL season.
The Delta, B.C., native posted the news on his Instagram page Thursday.
“To Be Continued. Shoutout my team, the fans of the CFL and the whole city of Montreal! I can’t wait to be back healthy and write this next chapter in 2025,” the statement read.
Philpot, 24, injured his foot in a 33-23 win over the Hamilton Tiger-Cats on Aug. 10 and was placed on the six-game injured list the next week.
The six-foot-one, 195-pound receiver had 58 receptions, 779 yards and five touchdowns in nine games for the league-leading Alouettes in his third season.
Philpot scored the game-winning touchdown in Montreal’s Grey Cup win last season to punctuate a six-reception, 63-yard performance.
This report by The Canadian Press was first published Sept. 12, 2024.
MIAMI GARDENS, Fla. (AP) — Miami Dolphins quarterback Tua Tagovailoa sustained a concussion for the third time in his NFL career, leaving his team’s game Thursday night against Buffalo after running into defensive back Damar Hamlin and hitting the back of his head against the turf.
Tagovailoa remained down for about two minutes before getting to his feet and walking to the sideline after the play in the third quarter. He made his way to the tunnel not long afterward, looking into the stands before smiling and departing toward the locker room.
The Dolphins needed almost no time before announcing it was a concussion. The team said he had two during the 2022 season, and Tagovailoa was diagnosed with another concussion when he was a college player at Alabama.
Dolphins coach Mike McDaniel said Tagovailoa would get “proper procedural evaluation” and “appropriate care” on Friday.
“The furthest thing from my mind is, ‘What is the timeline?’ We just need to evaluate and just worry about my teammate, like the rest of the guys are,” McDaniel said. “We’ll get more information tomorrow and take it day by day from here.”
Some players saw Tagovailoa in the locker room after the game and said they were encouraged. Tagovailoa spoke with some players and then went home after the game, McDaniel said.
“I have a lot of love for Tua, built a great relationship with him,” said quarterback Skylar Thompson, who replaced Tagovailoa after the injury. “You care about the person more than the player and everybody in the organization would say the same thing. Just really praying for Tua and hopefully everything will come out all right.”
Tagovailoa signed a four-year, $212 million extension before this season — a deal that makes him one of the highest-paid players in the NFL — and was the NFL’s leading passer in Week 1 this season. Tagovailoa left with the Dolphins trailing 31-10, and that was the final score.
“If you know Tua outside of football, you can’t help but feel for him,” Bills quarterback Josh Allen said on Amazon following the game. “He’s a great football player but he’s an even greater human being. He’s one of the best humans on the planet. I’ve got a lot of love for him and I’m just praying for him and his family, hoping everything’s OK. But it’s tough, man. This game of football that we play, it’s got its highs and it’s got its lows — and this is one of the lows.”
Tagovailoa’s college years and first three NFL seasons were marred by injury, though he positioned himself for a big pay bump with an injury-free and productive 2023 as he led the Dolphins into the playoffs. He threw for 29 touchdowns and a league-best 4,624 yards last year.
When, or if, he can come back this season is anyone’s guess. Tagovailoa said in April 2023 that the concussions he had in the 2022 season left him contemplating his playing future. “I think I considered it for a time,” he said then, when asked if he considered stepping away from the game to protect himself.
McDaniel said it’s not his place to say if Tagovailoa should return to football. “He’ll be evaluated and we’ll have conversations and progress as appropriate,” McDaniel said.
Tagovailoa was hurt Thursday on a fourth-down keeper with about 4:30 left in the third. He went straight ahead into Hamlin and did not slide, leading with his right shoulder instead.
Hamlin was the player who suffered a cardiac arrest after making a tackle during a Monday night game in January 2023 at Cincinnati, causing the NFL to suspend a pivotal game that quickly lost significance in the aftermath of a scary scene that unfolded in front of a national television audience.
Tagovailoa wound up on his back, both his hands in the air and Bills players immediately pointed at him as if to suggest there was an injury. Dolphins center Aaron Brewer quickly did the same, waving to the sideline.
Tagovailoa appeared to be making a fist with his right hand as he lay on the ground. It was movement consistent with something that is referred to as the “fencing response,” which can be common after a traumatic brain injury.
Tagovailoa eventually got to his feet. McDaniel grabbed the side of his quarterback’s head and gave him a kiss on the cheek as Tagovailoa departed. Thompson came into the game to take Tagovailoa’s spot.
“I love Tua on and off the football field,” Bills edge Von Miller said. “I’m a huge fan of him. I can empathize and sympathize with him because I’ve been there. I wish him the best.”
Tagovailoa’s history with concussions — and how he has since worked to avoid them — is a huge part of the story of his career, and now comes to the forefront once again.
He had at least two concussions during the 2022 season. He was hurt in a Week 3 game against Buffalo and cleared concussion protocol, though he appeared disoriented on that play but returned to the game.
The NFL later changed its concussion protocol to mandate that if a player shows possible concussion symptoms — including a lack of balance or stability — he must sit out the rest of the game.
Less than a week later, in a Thursday night game at Cincinnati, Tagovailoa was concussed on a scary hit that briefly knocked him unconscious and led to him being taken off the field on a stretcher.
His second known concussion of that season came in a December game against Green Bay, and he didn’t play for the rest of the 2022 season. After that, Tagovailoa began studying ways where he may be able to fall more safely and protect himself against further injury — including studying jiu-jitsu.
“I’m not worried about anything that’s out of my hands,” McDaniel said. “I’m just worried about the human being.”
NEW YORK (AP) — When her husband turns on the television to hear news about the upcoming presidential election, that’s often a signal for Lori Johnson Malveaux to leave the room.
It can get to be too much. Often, she’ll go to a TV in another room to watch a movie on the Hallmark Channel or BET. She craves something comforting and entertaining. And in that, she has company.
While about half of Americans say they are following political news “extremely” or “very” closely, about 6 in 10 say they need to limit how much information they consume about the government and politics to avoid feeling overloaded or fatigued, according to a new survey from the Associated Press-NORC Center for Public Affairs Research and USAFacts.
Make no mistake: Malveaux plans to vote. She always does. “I just get to the point where I don’t want to hear the rhetoric,” she said.
The 54-year-old Democrat said she’s most bothered when she hears people on the news telling her that something she saw with her own eyes — like the Jan. 6, 2021, attack on the U.S. Capitol — didn’t really happen.
“I feel like I’m being gaslit. That’s the way to put it,” she said.
Sometimes it feels like ‘a bombardment’
Caleb Pack, 23, a Republican from Ardmore, Oklahoma, who works in IT, tries to keep informed through the news feeds on his phone, which is stocked with a variety of sources, including CNN, Fox News, The Wall Street Journal and The Associated Press.
Yet sometimes, Pack says, it seems like a bombardment.
“It’s good to know what’s going on, but both sides are pulling a little bit extreme,” he said. “It just feels like it’s a conversation piece everywhere, and it’s hard to escape it.”
Media fatigue isn’t a new phenomenon. A Pew Research Center survey conducted in late 2019 found roughly two in three Americans felt worn out by the amount of news there is, about the same as in a poll taken in early 2018. During the 2016 presidential campaign, about 6 in 10 people felt overloaded by campaign news.
But it can be particularly acute with news related to politics. The AP-NORC/USAFacts poll found that half of Americans feel a need to limit their consumption of information related to crime or overseas conflicts, while only about 4 in 10 are limiting news about the economy and jobs.
It’s easy to understand, with television outlets like CNN, Fox News Channel and MSNBC full of political talk and a wide array of political news online, sometimes complicated by disinformation.
“There’s a glut of information,” said Richard Coffin, director of research and advocacy for USAFacts, “and people are having a hard time figuring out what is true or not.”
Women are more likely to feel they need to limit media
In the AP-NORC poll, about 6 in 10 men said they follow news about elections and politics at least “very” closely, compared to about half of women. For all types of news, not just politics, women are more likely than men to report the need to limit their media consumption, the survey found.
White adults are also more likely than Black or Hispanic adults to say they need to limit media consumption on politics, the poll found.
Kaleb Aravzo, 19, a Democrat, gets a baseline of news by listening to National Public Radio in the morning at home in Logan, Utah. Too much politics, particularly when he’s on social media sites like TikTok and Instagram, can trigger anxiety and depression.
“If it pops up on my page when I’m on social media,” he said, “I’ll just scroll past it.”
___
Sanders reported from Washington. David Bauder writes about media for the AP. Follow him at http://x.com/dbauder.
The AP poll of 1,019 adults was conducted July 29-August 8, 2024, using a sample drawn from NORC’s probability-based AmeriSpeak Panel, which is designed to be representative of the U.S. population. The margin of sampling error for all respondents is plus or minus 4.0 percentage points.
