Potent Apple iPhone hacking tool proves that Karma is a bitch

Potent Apple iPhone hacking tool proves that Karma is a bitch
A tool called Karma allowed former U.S. spies working for the United Arab Emirates to hack into iPhones belonging to certain targets. According to Reuters, Karma was used on the iOS powered handsets belonging to leaders of foreign countries, activists and diplomats. Reuters reviewed documents and spoke with five of the operatives involved in the spying.

The report says that the spying took place starting in 2016 and targets included a human-rights activist in Yemen who had won the Nobel Peace Prize, a senior official in Turkey, and the Emir of Qatar. Overall, there were hundreds of iPhones hacked into by the unit responsible for using the tool, which was code named Project Raven.

The information that Karma retrieved included location data, text messages, photos, and emails. It also allowed the spies to obtain saved passwords. Before 2017 came to a close, an iOS update closed the exploit that allowed Karma to work, reducing its effectiveness. It is unclear whether the country continues to use the tool.

Those involved in the spying said that Karma does not work on Android handsets, nor will it allow users to eavesdrop on voice calls. But the tool did allow the hackers access to an iPhone simply by uploading phone numbers and email addresses "into an automated targeting system." One feature that made Karma such a powerful tool for the UAE was that the hack did not require the targeted iPhone user to click on a special link sent to his/her device.

Other tools like Karma exist, but the hacking system is so sophisticated that very few countries can develop something similar. Former Obama cybersecurity chief Michael Daniel says that only 10 countries in the world, including Russia, China, the U.S. and some of its allies, can build such a potent spying platform.

Apple, and the UAE's Ministry of Foreign Affairs both declined comment on the report.

FEATURED VIDEO

45 Comments

1. Abdbaas

Posts: 123; Member since: Apr 05, 2016

iOS way more secure than android. Yeah right

2. JCASS889

Posts: 422; Member since: May 18, 2018

yeah...lol just waiting for the apple people to find a way to disprove and say that its not an issue. just how eavesdropping all the sudden isnt a privacy issue because its apple. if it was a samsung device you would never hear the end of it.

3. John-Knotts

Posts: 380; Member since: Feb 28, 2015

Lmao... So true. Apple sheep needed to be taken down a peg, and brought back down to earth with the rest of us. Let's see them try and spin this. Should be fun to watch.

8. lyndon420

Posts: 6376; Member since: Jul 11, 2012

.....

24. TheOracle1

Posts: 1821; Member since: May 04, 2015

Leo_mc will be here soon with a convoluted explanation/excuse.

75. Leo_MC

Posts: 6126; Member since: Dec 02, 2011

What makes you think I have to and I excuse the security flaws in iOS?

76. TheOracle1

Posts: 1821; Member since: May 04, 2015

You're late. What happened? Couldn't find an excuse for secure ios being hacked?

78. Leo_MC

Posts: 6126; Member since: Dec 02, 2011

I have better things to do than to believe every unverified story.

79. TheOracle1

Posts: 1821; Member since: May 04, 2015

That's more like it Leo. Discredit the story as unverified. I knew you wouldn't let me down.

80. Leo_MC

Posts: 6126; Member since: Dec 02, 2011

To even think about trying to discredit it I have to first care about the report and I don’t, no more than I care about all those ridiculous claims about jb the latest versions of iOS. I have some technical skills and, if this is to be true, I think it can only be an iCloud hack, because there’s no way one can access both messages and passwords through the same exploit (they are and always have been 2 separate apps that have never exchanged data on the iPhone). You can believe whatever you want to believe, but I’m going to need some prove; I’m not saying it couldn’t have happened, I’m just saying it didn’t as the report claims or the source of the exploit is not iMessage. It remains to be seen - we’ll be having updates for sure, because this is a very sensitive subject.

13. mootu

Posts: 1333; Member since: Mar 16, 2017

"just how eavesdropping all the sudden isnt a privacy issue " It wasn't just eavesdropping though, it granted access to almost everything except phone calls. The worst bit is that it granted full access to passwords, which means they could then go after the targets pc's etc as people tend to use the same passwords for all devices.

83. Leo_MC

Posts: 6126; Member since: Dec 02, 2011

It's just a story. Reuters has written an article (that quoted another Reuters article) where it interviewed some people that CLAIMED they have hacked the hell out of everybody; there is absolutely no prove, just a story. A true reporter would have had a 2016 iOS iPhone and would have told them "this is the number, hack it, we'll take some pictures so that we can have a real article", but they didn't so that makes me doubt everything. Just think about all the exploits for iOS: all of them went just as far as the app they exploited could communicate (for instance, photos with contacts); iMessage has never communicated with the password keychain (not to mention the fact that you can only access it through the enclave of the chip and that is being done only through biometric authentication or by entering the pass code). The security in iOS is so good that a malware app, with the potential to ravage an Android device, could only push some adds and only if the user opened the app...

58. piyath

Posts: 2445; Member since: Mar 23, 2012

This is unverified and could be just fake news. So be quiet...

4. AgentH

Posts: 17; Member since: Oct 11, 2018

And what is the US government reaction? Huawei situation was quite aggressive. Double standards?

7. lyndon420

Posts: 6376; Member since: Jul 11, 2012

Yeah. Still waiting on the proof they're spying. Conspiracy isn't proof only speculation.

15. osterrich21

Posts: 186; Member since: Apr 14, 2017

Till now US government don't found the "biological arms of mass destruction" of Iraq.Real interest of USA? The Iraqi oil. Same with Huawei, the biggest installer of 5G in the world.This the American govt. don't want.

37. L0n3n1nja

Posts: 1504; Member since: Jul 12, 2016

Huawei isn't a spy agency hacking into phones, I don't see how it's a double standard.

81. mootu

Posts: 1333; Member since: Mar 16, 2017

But the US senate is screaming from the rooftops that Huawei is just that. It's like the 1950's when everyone was shouting the Russians are coming, now it's the Chinese are coming. America needs an enemy, it's very good for the economy.

5. cmdacos

Posts: 3763; Member since: Nov 01, 2016

Is this supposed to be surprising? Everything connected can be hacked. We already know privacy is a marketing term only.

14. Rampage_Taco

Posts: 988; Member since: Jan 17, 2017

one of the worst parts about IoT devices. Someone with the know how can basically take over your house.

16. JCASS889

Posts: 422; Member since: May 18, 2018

that is why i dont take part in all the new smart devices for homes. i would only use them if they were hooked up to an independent home network not attached to the internet. do you really need a connected coffee maker or connected toilet?

22. Rampage_Taco

Posts: 988; Member since: Jan 17, 2017

i think the worst are smart locks, someone can just rob you without having to break a thing

27. sissy246

Posts: 6902; Member since: Mar 04, 2015

Agree cmdacos Some need to learn this. Doesn't matter what we use , it can be hacked.

31. lyndon420

Posts: 6376; Member since: Jul 11, 2012

I'll second that. To choose iOS based solely on the assumption that it's more secure is ridiculous. Heck...their apps and connections (WiFi/Cell) have more bugs than ever before.

9. Vogue1985

Posts: 317; Member since: Jan 24, 2017

That's crazy, this "karma" was made specifically to toward IPhone. That's nasty, they obviously have android version.

10. JCASS889

Posts: 422; Member since: May 18, 2018

i believe it alot more difficult to make for android since their are thousands of different android phones all with their own versions, firmware and hardware, but with the iphone they are all the same so they are able to focus on an unchanging product over the years.

11. mootu

Posts: 1333; Member since: Mar 16, 2017

They most likely don't, Karma works by exploiting vulnerabilities in iMessage. Android does not have a proprietary messaging system.

36. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Ah... pseudo-whataboutism. So, deflection is the defensive tactic chosen.

12. osterrich21

Posts: 186; Member since: Apr 14, 2017

So, IOS is safe, huh?

52. SIGPRO

Posts: 2810; Member since: Oct 03, 2012

Fruit phones are very secure...........Not!

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.