According to the Reuters news agency, erstwhile US government intelligence operatives, backed by the United Arab Emirates (UAE), hacked into the iPhones of activists, diplomats and foreign leaders. The team used a well-appointed spying tool called Karma to exploit iMessage and spy on the conversations of several public figures.
A tool to recover sensitive data from an iPhone
The Karma tool was first used in early 2016. The news agency also reported that United Arab Emirates engaged Project Raven, which included both national security officials and a couple of former intelligence officers having worked at the National Security Agency (NSA).
The hackers quickly mastered Karma to use it daily. Lori Stroud, former NSA Agent and ex-Raven Group member said, “It was like, ‘We have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now,’” she said. “It was like Christmas.”
Karma exploited a flaw of the messaging software, iMessage, and therefore only worked on targets with iPhones. The procedure to infiltrate the phone was very simple: a message was sent to the phone number or email address of the person to spy on. There was no need for the target to view the message or click on a link, the simple sending was enough to create the connection between the iPhone and Karma.
The software could recover a lot of data like SMS, emails, photos and GPS positions collected by the iPhone. Telephone calls, however, could not be intercepted.
Karma has been used by the UAE to spy on policies in many countries
Among the people scouted by the UAE, are the Emir of Qatar, a senior Turkish official, and a Nobel Peace laureate human-rights activist in Yemen. Daesh-related terrorist groups have also been hacked.
Lori Stroud explained that since late 2017, the use of Karma got even more difficult, as Apple strengthened the security of iOS. The UAE also used Karma system to spy on the US citizens. Returned to the United States, Lori Stroud is now under investigation by the FBI to determine whether sensitive information or technology has been transferred to foreign intelligences.