A tool called Karma allowed former U.S. spies working for the United Arab Emirates to hack into iPhones belonging to certain targets. According to Reuters, Karma was used on the iOS powered handsets belonging to leaders of foreign countries, activists and diplomats. Reuters reviewed documents and spoke with five of the operatives involved in the spying.
The report says that the spying took place starting in 2016 and targets included a human-rights activist in Yemen who had won the Nobel Peace Prize, a senior official in Turkey, and the Emir of Qatar. Overall, there were hundreds of iPhones hacked into by the unit responsible for using the tool, which was code named Project Raven.
The information that Karma retrieved included location data, text messages, photos, and emails. It also allowed the spies to obtain saved passwords. Before 2017 came to a close, an iOS update closed the exploit that allowed Karma to work, reducing its effectiveness. It is unclear whether the country continues to use the tool.
Those involved in the spying said that Karma does not work on Android handsets, nor will it allow users to eavesdrop on voice calls. But the tool did allow the hackers access to an iPhone simply by uploading phone numbers and email addresses "into an automated targeting system." One feature that made Karma such a powerful tool for the UAE was that the hack did not require the targeted iPhone user to click on a special link sent to his/her device.
Other tools like Karma exist, but the hacking system is so sophisticated that very few countries can develop something similar. Former Obama cybersecurity chief Michael Daniel says that only 10 countries in the world, including Russia, China, the U.S. and some of its allies, can build such a potent spying platform.
Apple, and the UAE's Ministry of Foreign Affairs both declined comment on the report.