Former US spies used iPhone hack tool on dissidents, on behalf of UAE

Posted:
in iPhone edited January 2019
Using a tool known as "Karma," a team of former U.S. intelligence operatives working for the United Arab Emirates broke into the iPhones of activists, diplomats, and even foreign leaders, a report said on Wednesday.

iPhone X


Starting in 2016 Karma alowed the U.A.E. to monitor hundreds of people, Reuters revealed. This includes everyone from the Emir of Qatar to Tawakkol Karman, a Yemeni human rights activist and Nobel Peace Prize winner. Other targets included people in Europe, Turkey, and Oman.

An offensive operations unit stationed in Abu Dhabi was formed from a mix of U.S. contractors and Emirati security officials, operating under the name "Project Raven." Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system. The only limits were that it couldn't target Android users, and didn't intercept phone calls, ex-Raven members explained.

Significantly targets didn't have to tap on a link to be exposed, a common tactic in other surveillance exploits.

Between 2016 and 2017 Karma successfully obtained emails, photos, passwords, SMS messages, and location data. It's not certain whether the tool is still in use, since the ex-Raven sources noted that iOS updates have made Karma less useful. It relied on an iMessage exploit that worked even if a target wasn't using Messages.

At least one former Raven member, Lori Stroud, previously worked at the U.S. National Security Agency. Americans were paid by an Emirati security firm, DarkMatter -- Karma, though, was said to have been obtained from an unknown foreign vendor.

iMessage has proven vulnerable to attacks in the past, though mainly in the form of texts that cause Messages to hang or crash. It could be that Karma relied -- or relies -- on a similar method to allow code execution.

Comments

  • Reply 1 of 19
    Remember kids & old people, this is why you should update your device after 1 to 2 weeks.
    beowulfschmidt
  • Reply 2 of 19
    Remember kids & old people, this is why you should update your device after 1 to 2 weeks.
    Very professional advice. Have you confirmed with Raven team this would solve the problem?
    GeorgeBMac
  • Reply 3 of 19
    Remember kids & old people, this is why you should update your device after 1 to 2 weeks.
    1 to 2 weeks after what? And why not 1 to 2 days after it? What a goofy comment.
    jbdragon
  • Reply 4 of 19
    genovellegenovelle Posts: 1,480member
    Using a tool known as "Karma," a team of former U.S. intelligence operatives working for the United Arab Emirates broke into the iPhones of activists, diplomats, and even foreign leaders, a report said on Wednesday.

    iPhone X


    Starting in 2016 Karma alowed the U.A.E. to monitor hundreds of people, Reuters revealed. This includes everyone from the Emir of Qatar to Tawakkol Karman, a Yemeni human rights activist and Nobel Peace Prize winner. Other targets included people in Europe, Turkey, and Oman.

    An offensive operations unit stationed in Abu Dhabi was formed from a mix of U.S. contractors and Emirati security officials, operating under the name "Project Raven." Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system. The only limits were that it couldn't target Android users, and didn't intercept phone calls, ex-Raven members explained.

    Significantly targets didn't have to tap on a link to be exposed, a common tactic in other surveillance exploits.

    Between 2016 and 2017 Karma successfully obtained emails, photos, passwords, SMS messages, and location data. It's not certain whether the tool is still in use, since the ex-Raven sources noted that iOS updates have made Karma less useful. It relied on an iMessage exploit that worked even if a target wasn't using Messages.

    At least one former Raven member, Lori Stroud, previously worked at the U.S. National Security Agency. Americans were paid by an Emirati security firm, DarkMatter -- Karma, though, was said to have been obtained from an unknown foreign vendor.

    iMessage has proven vulnerable to attacks in the past, though mainly in the form of texts that cause Messages to hang or crash. It could be that Karma relied -- or relies -- on a similar method to allow code execution.
    So, how much did they get paid to share this article. If these guys could break in so easily why didn’t they take the bounty the FBI was offering to break into the iPhone they needed to get into. They had the phone number and Apple ID. Sounds sketchy to me. 

  • Reply 5 of 19
    "The only limits were that it couldn't target Android users" Hmmm so who might be behind this...?
  • Reply 6 of 19
    gatorguygatorguy Posts: 24,176member
    "The only limits were that it couldn't target Android users" Hmmm so who might be behind this...?
    Because Karma wasn't an Android exploit? As far as who was behind it, read the article. It says the UAE government. 
    edited January 2019 GeorgeBMac
  • Reply 7 of 19
    welshdogwelshdog Posts: 1,897member
    I hate hackers.
  • Reply 8 of 19
    At least one person quoted in the article, Lori Stroud, should be charged criminally for providing Reuters with this information. This isn’t a matter of whistleblowing, this is egotistically exposing secret methods used by US intelligence agencies.
    edited January 2019
  • Reply 9 of 19
    This whole story reeks of BS, "Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system" Really? A lot of people and companies test iOS constantly for exploits like this, there is no way this went 3 years and no one else came across it. No information on how this exploit was so easily carried out, only it was iPhone only, sounds like some weird hit job on Apple again. How long did the facetime issue take to come out? just days because so many people are looking for these exploits.
  • Reply 10 of 19
    gatorguygatorguy Posts: 24,176member
    jmey267 said:
    This whole story reeks of BS, "Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system" Really? A lot of people and companies test iOS constantly for exploits like this, there is no way this went 3 years and no one else came across it. No information on how this exploit was so easily carried out, only it was iPhone only, sounds like some weird hit job on Apple again. How long did the facetime issue take to come out? just days because so many people are looking for these exploits.
    It relied primarily on a flaw within iMessage. That particular hole was closed by iOS12 according to "those who know", but that doesn't mean another method isn't in use now. 
    anantksundaram
  • Reply 11 of 19
    knowitallknowitall Posts: 1,648member
    If I undersood correctly it was a hack using sms (as I posted earlier) which imessage includes.
    This makes sense because a phone number only has no other inroads into the iOS infrastructure.
    Very serious breach, which Apple should comment on, especially how this could happen and what code quality was used (for imessage).
    anantksundaram
  • Reply 12 of 19
    gatorguy said:
    jmey267 said:
    This whole story reeks of BS, "Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system" Really? A lot of people and companies test iOS constantly for exploits like this, there is no way this went 3 years and no one else came across it. No information on how this exploit was so easily carried out, only it was iPhone only, sounds like some weird hit job on Apple again. How long did the facetime issue take to come out? just days because so many people are looking for these exploits.
    It relied primarily on a flaw within iMessage. That particular hole was closed by iOS12 according to "those who know", but that doesn't mean another method isn't in use now. 
    But this is my point there is no way this went unknown for that long without someone else finding this exploit. How many people and companies do you think test iOS daily for exactly these issues?
  • Reply 13 of 19
    gatorguygatorguy Posts: 24,176member
    jmey267 said:
    gatorguy said:
    jmey267 said:
    This whole story reeks of BS, "Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system" Really? A lot of people and companies test iOS constantly for exploits like this, there is no way this went 3 years and no one else came across it. No information on how this exploit was so easily carried out, only it was iPhone only, sounds like some weird hit job on Apple again. How long did the facetime issue take to come out? just days because so many people are looking for these exploits.
    It relied primarily on a flaw within iMessage. That particular hole was closed by iOS12 according to "those who know", but that doesn't mean another method isn't in use now. 
    But this is my point there is no way this went unknown for that long without someone else finding this exploit. How many people and companies do you think test iOS daily for exactly these issues?
    With iOS being a relatively closed platform there's fewer eyes reviewing the code making it (probably) harder to discover these holes, and takes far longer for someone else to notice would be my thought. There's been other instances of a security hole in iOS dating back years before being brought to Apple's attention. No software is 100% hack proof. That's why there's security updates.
    anantksundaram
  • Reply 14 of 19
    GeorgeBMacGeorgeBMac Posts: 11,421member
    genovelle said:
    Using a tool known as "Karma," a team of former U.S. intelligence operatives working for the United Arab Emirates broke into the iPhones of activists, diplomats, and even foreign leaders, a report said on Wednesday.

    iPhone X


    Starting in 2016 Karma alowed the U.A.E. to monitor hundreds of people, Reuters revealed. This includes everyone from the Emir of Qatar to Tawakkol Karman, a Yemeni human rights activist and Nobel Peace Prize winner. Other targets included people in Europe, Turkey, and Oman.

    An offensive operations unit stationed in Abu Dhabi was formed from a mix of U.S. contractors and Emirati security officials, operating under the name "Project Raven." Karma was reportedly extremely easy to use, simply requiring people to upload phone numbers or email addresses into an automated system. The only limits were that it couldn't target Android users, and didn't intercept phone calls, ex-Raven members explained.

    Significantly targets didn't have to tap on a link to be exposed, a common tactic in other surveillance exploits.

    Between 2016 and 2017 Karma successfully obtained emails, photos, passwords, SMS messages, and location data. It's not certain whether the tool is still in use, since the ex-Raven sources noted that iOS updates have made Karma less useful. It relied on an iMessage exploit that worked even if a target wasn't using Messages.

    At least one former Raven member, Lori Stroud, previously worked at the U.S. National Security Agency. Americans were paid by an Emirati security firm, DarkMatter -- Karma, though, was said to have been obtained from an unknown foreign vendor.

    iMessage has proven vulnerable to attacks in the past, though mainly in the form of texts that cause Messages to hang or crash. It could be that Karma relied -- or relies -- on a similar method to allow code execution.
    So, how much did they get paid to share this article. If these guys could break in so easily why didn’t they take the bounty the FBI was offering to break into the iPhone they needed to get into. They had the phone number and Apple ID. Sounds sketchy to me. 

    Their salary ran from $200K to $400K a year.   Who needs bounties?
  • Reply 15 of 19
    GeorgeBMacGeorgeBMac Posts: 11,421member

    welshdog said:
    I hate hackers.

    There were actually former U.S. intelligence agents using our own techniques to spy on Americans.   They aren't just hackers.  They are traitors.
    anantksundaramtbornot
  • Reply 16 of 19
    GeorgeBMacGeorgeBMac Posts: 11,421member

    At least one person quoted in the article, Lori Stroud, should be charged criminally for providing Reuters with this information. This isn’t a matter of whistleblowing, this is exposing secret methods used by US intelligence agencies for egotistical reasons.
    This wasn't done for ego.   It was done for salaries of $200-4400K a year.
    And Stroud is cooperating with the FBI on this and has not been charged.
  • Reply 17 of 19
    GeorgeBMacGeorgeBMac Posts: 11,421member
    One interesting tidbit not mentioned here:   Lori Stroud is the one who hired and managed Edward Snowden -- then, after her reputation was trashed, accepted the UAE's job for a very lucrative salary.   It sounds like, of the two, Snowden had the more integrity.   At least Snowden did what he thought was right.   Stroud just took the money.
    knowitall
  • Reply 18 of 19
    tbornottbornot Posts: 116member
    You know, if you were a despotic government that wanted to stop people using iPhones to avoid spies but couldn’t break the actual encryption, you could plant stories that the phone wasn’t safe.  Good as actually breaking in, because people are now scared to use the phones.
Sign In or Register to comment.