A spy tool developed by former U.S. government intelligence operatives reportedly allowed the United Arab Emirates government to remotely hack the iPhones of diplomats, activists and even foreign leaders.
The tool apparently didn’t require the victim to click a link, but could somehow be activated simply by loading in the phone numbers or email addresses of the intended targets …
Reuters reports that, once activated, the UAE government was able to obtain photos, emails, text messages and location data from the iPhones. Additionally, it provided access to passwords, which could then be used for further attacks.
A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma […]
The […] operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
No information is provided about how the tool worked, but it was apparently iPhone-specific. The piece says that the development team paid for the exploit used to develop Karma.
Reuters’ sources said that the tool was used in 2016 and 2017, before an Apple security update.
On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com , in an article that went viral.
It isn’t clear whether the Karma hack remains in use. The former operatives said that by the end of 2017, security updates to Apple Inc’s iPhone software had made Karma far less effective.
It was previously believed that fewer than a dozen nations possessed the capabilities needed to develop such tools.
Tools like Karma, which can exploit hundreds of iPhones simultaneously, capturing their location data, photos and messages, are particularly sought-after, veterans of cyberwarfare say. Only about 10 nations, such as Russia, China and the United States and its closest allies, are thought to be capable of developing such weapons, said Michael Daniel, a former White House cyber security czar under President Obama.
Unsurprisingly, both Apple and the UAE government declined to comment.
We recently revealed a major security failing in FaceTime that allowed a caller to hear and see someone before the call was answered. Apple has taken FaceTime group calling offline until it has fixed the bug.