New iPhone Threat—What Is Reign Spyware?

A new type of iPhone spyware with capabilities similar to NSO Group’s Pegasus has been analysed by security researchers at Citizen Lab. So, what is Reign spyware, how does it infect people’s phones and who is at risk of attack?

What is Reign spyware and how do attacks work?

Reign is a new type of spyware made by Israeli company QuaDream that researchers have discovered in cyber-attacks between 2019 and 2021. Thankfully, the spyware no longer seems to be in use—Apple says there was no indication the exploit had been used since 2021. This is likely because Apple fixed the security vulnerability that enabled the attack: Citizen Lab notes the exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and “possibly other versions”.

It would have been fixed at a similar time to the vulnerability exploited by Pegasus, which is thought to have been fixed in iOS 14.8.

Apple recently released its iOS 16.4.1 software to fix two already exploited vulnerabilities, but the description and timing of these do not indicate they are linked to Reign.

The Reign spyware was deployed in a so-called “zero-click” attack—meaning it requires no interaction from the user to succeed. In the case of Pegasus, this happened via a message sent to a device. The latest exploit, which Citizen Lab dubbed “ENDOFDAYS”, makes use of invisible iCloud calendar invitations sent from the spyware’s operator to victims. The invites were set for a previous date, so victims would have no idea when the attack took place.

What happens after an iPhone is infected with Reign?

Spyware is particularly scary because it pretty much enables the attacker to snoop on all activity on your device. It can record conversations, read messages in any app, including Signal and WhatsApp, and track your location. According to the researchers, Reign could also generate two-factor authentication codes to take over iCloud accounts and snoop on the data available there too.

Who was attacked by QuaDream’s spyware and who is at risk now?

Thankfully for most people, Reign is like Pegasus—it is very targeted. Unless you are a journalist, politician or dissident or operate in a high-risk business environment, you probably don’t need to worry.

Based on an analysis of samples shared with it by Microsoft Threat Intelligence, Citizen Lab says it has developed indicators that enabled it to identify “at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East.”

Victims include journalists, political opposition figures and an NGO worker, Citizen Lab says, adding that it is “not naming the victims at this time.”

What are the signs spyware is on a device and what can you do to remove it?

Spyware is extremely sneaky, so it’s very possible you won’t notice the attack. However, some people find their phone is running more slowly or their battery is draining quickly. There also might be some new toolbars or search engines you don’t remember installing.

The power of phone hacking software such as this and Pegasus “must never be underestimated,” warns Jake Moore, global cybersecurity advisor at ESET. “Its quiet, under the radar delivery method enables it to monitor the vast majority of a device and those targeted will have no idea it’s there. Once deployed to a device, it is extremely difficult to remove Reign.”

With Pegasus, it was sometimes possible to disrupt the attack by restarting your phone, which in some cases can remove the spyware’s access temporarily.

Applying software updates is also important—especially for those who might be targeted with spyware.
