A new report exposes Reign: a Pegasus-like spyware used to hack iPhones
For years, we thought iPhones were more secure than Android phones and couldn't be hacked. And although Apple's phones have a ton of security in place, the Pegasus hack, which hit the headlines in the summer of 2021, proved that iPhones are not as invulnerable to hacking as we thought.
Of course, Apple released a patch that fixed the vulnerability in iMessage that the Pegasus hack was exploiting, so your iPhone should be safe from that spyware, at least. But it looks like another Pegasus-like spyware that has the potential to attack iPhones has been sold to governments around the world.
In a new report, Citizen Lab revealed the existence of Reign, a spyware very similar to Pegasus (via AppleInsider). According to the report, Reign was made by an Israeli company called QuaDream and was used to spy on at least five civil society victims in North America, Central Asia, Southeast Asia, Europe, and the Middle East.
Based on samples shared by Microsoft Threat Intelligence, Citizen Lab also figured out that Reign was deployed by utilizing a suspected exploit in iOS 14, including iOS 14.4 and 14.4.2 and possibly other versions as well. The exploit, which Citizen Lab dubbed Endofdays, utilized invisible iCloud calendar invitations sent to victims by the spyware's operator.
Once installed on the victim's iPhone, Reign can perform various actions such as recording call audio, accessing the microphone, taking photos with the cameras, extracting and removing items from the Keychain, generating iCloud 2FA passwords, searching through files and databases, and tracking the device's location. Reign also has a self-destruct feature that erases its traces.
In its report, Citizen Lab shared that it hasn't detected any cases of individuals targeted with the Endofdays exploit prior to January 2021 or after November 2021. This means Apple has probably fixed the vulnerability that Endofdays used to deploy Reign. So if you haven't updated your iPhone to the latest version of iOS, we suggest you do it now.
Citizen Lab also notes that its report serves as a reminder that the mercenary spyware industry is bigger than any single company and that researchers and potential targets need to stay vigilant.
Of course, Apple released a patch that fixed the vulnerability in iMessage that the Pegasus hack was exploiting, so your iPhone should be safe from that spyware, at least. But it looks like another Pegasus-like spyware that has the potential to attack iPhones has been sold to governments around the world.
Based on samples shared by Microsoft Threat Intelligence, Citizen Lab also figured out that Reign was deployed by utilizing a suspected exploit in iOS 14, including iOS 14.4 and 14.4.2 and possibly other versions as well. The exploit, which Citizen Lab dubbed Endofdays, utilized invisible iCloud calendar invitations sent to victims by the spyware's operator.
Should you be concerned?
In its report, Citizen Lab shared that it hasn't detected any cases of individuals targeted with the Endofdays exploit prior to January 2021 or after November 2021. This means Apple has probably fixed the vulnerability that Endofdays used to deploy Reign. So if you haven't updated your iPhone to the latest version of iOS, we suggest you do it now.
Citizen Lab also notes that its report serves as a reminder that the mercenary spyware industry is bigger than any single company and that researchers and potential targets need to stay vigilant.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: