Former US spies used iPhone hack tool on dissidents, on behalf of UAE
Using a tool known as "Karma," a team of former U.S. intelligence operatives working for the United Arab Emirates broke into the iPhones of activists, diplomats, and even foreign leaders, a report said on Wednesday.
Starting in 2016 Karma alowed the U.A.E. to monitor hundreds of people, Reuters revealed. This includes everyone from the Emir of Qatar to Tawakkol Karman, a Yemeni human rights activist and Nobel Peace Prize winner. Other targets included people in Europe, Turkey, and Oman.
An offensive operations unit stationed in Abu Dhabi was formed from a mix of U.S. contractors and Emirati security officials, operating under the name "Project Raven." Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system. The only limits were that it couldn't target Android users, and didn't intercept phone calls, ex-Raven members explained.
Significantly targets didn't have to tap on a link to be exposed, a common tactic in other surveillance exploits.
Between 2016 and 2017 Karma successfully obtained emails, photos, passwords, SMS messages, and location data. It's not certain whether the tool is still in use, since the ex-Raven sources noted that iOS updates have made Karma less useful. It relied on an iMessage exploit that worked even if a target wasn't using Messages.
At least one former Raven member, Lori Stroud, previously worked at the U.S. National Security Agency. Americans were paid by an Emirati security firm, DarkMatter — Karma, though, was said to have been obtained from an unknown foreign vendor.
iMessage has proven vulnerable to attacks in the past, though mainly in the form of texts that cause Messages to hang or crash. It could be that Karma relied — or relies — on a similar method to allow code execution.