Former US spies used iPhone hack tool on dissidents, on behalf of UAE

Using a tool known as "Karma," a team of former U.S. intelligence operatives working for the United Arab Emirates broke into the iPhones of activists, diplomats, and even foreign leaders, a report said on Wednesday.

Starting in 2016, Karma allowed the U.A.E. to monitor hundreds of people, Reuters revealed. This includes everyone from the Emir of Qatar to Tawakkol Karman, a Yemeni human rights activist and Nobel Peace Prize winner. Other targets included people in Europe, Turkey, and Oman.

An offensive operations unit stationed in Abu Dhabi was formed from a mix of U.S. contractors and Emirati security officials, operating under the name "Project Raven." Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system. The only limits were that it couldn't target Android users, and didn't intercept phone calls, ex-Raven members explained.

Significantly, targets didn't have to tap on a link to be exposed. Getting a target to tap a link is a common tactic in other surveillance exploits.

Between 2016 and 2017 Karma successfully obtained emails, photos, passwords, SMS messages, and location data. It's not certain whether the tool is still in use, since the ex-Raven sources noted that iOS updates have made Karma less useful. It relied on an iMessage exploit that worked even if a target wasn't using Messages.

At least one former Raven member, Lori Stroud, previously worked at the U.S. National Security Agency. Americans were paid by an Emirati security firm, DarkMatter — Karma, though, was said to have been obtained from an unknown foreign vendor.

iMessage has proven vulnerable to attacks in the past, though mainly in the form of texts that cause Messages to hang or crash. It could be that Karma relied — or relies — on a similar method to allow code execution.



19 Comments

racerhomie3 7 Years · 1264 comments

Remember kids & old people, this is why you should update your device after 1 to 2 weeks.

maciekskontakt 15 Years · 1168 comments

Remember kids & old people, this is why you should update your device after 1 to 2 weeks.

Very professional advice. Have you confirmed with Raven team this would solve the problem?

boxcatcher 9 Years · 275 comments

Remember kids & old people, this is why you should update your device after 1 to 2 weeks.

1 to 2 weeks after what? And why not 1 to 2 days after it? What a goofy comment.

genovelle 16 Years · 1481 comments

So, how much did they get paid to share this article? If these guys could break in so easily, why didn’t they take the bounty the FBI was offering to break into the iPhone they needed to get into? They had the phone number and Apple ID. Sounds sketchy to me.

bobolicious 10 Years · 1177 comments

"The only limits were that it couldn't target Android users" Hmmm so who might be behind this...?