Hacked iPhones star in Middle East cyberwar

By

UAE iPhone hacks
The hack took advantage of a flaw in iMessage.
Photo: Ste Smith/Cult of Mac

Intelligence operatives from the United Arab Emirates used a powerful cyber weapon that allowed them to monitor the iPhones of hundreds of targets.

The iPhone spy tool, dubbed Karma, gave the UAE remote access to phone numbers, photos, emails and text messages in 2016 and 2017.

An iOS security update rendered it “far less effective,” according to U.S. intelligence contractors who worked with the UAE to breach the iPhones of diplomats, activists, and rival foreign leaders.

Details of the program were reported this morning by the news agency Reuters, which quoted some of the spies who worked for Operation Raven.

Hacked iPhones ‘like Christmas’

“It was like, ‘We have this great new exploit that we just bought. Gets us a huge list of targets that have iPhones now,'” said Lori Stroud, a former U.S. National Security Agency operative who worked on Operation Raven. “It was like Christmas.”

The story offers a fascinating glimpse into an active cyber war between countries in the Middle East. The UAE used Karma on targets in Qatar, Yemen, and Saudi Arabia. Targets included the Emir of Qatar, Turkish government officials and A Nobel Peace laureate and human rights activist, the Reuters report said.

The operation included several U.S. spy veterans paid by an Emirati cybersecurity firm named DarkMatter, Reuters said

The hacking tool was purchased by an unknown vendor and reportedly took advantage of a security flaw in Apple’s iMessage app. Karma operatives would identify a target and send a text message. Gaining access did not depend on a response.

The iPhone is popular in the Middle East, as a status symbol and for an operating system considered more secure than Android (though the report said the Karma malware did not work on Android phones).

The UAE was hacking iPhones during the same period Apple was in a dispute with U.S. law enforcement officials who were trying to gain access to the iPhone belonging to one of the San Bernardino shooters. The government eventually spent $900,000 for a hacker to crack the phone, which turned up no useful evidence.

Apple CEO Tim Cook was refusing requests from justice officials to create backdoor access so that investigators could crack the iPhones of criminal suspects.

Apple uses security and data privacy as selling points for its products and Cook has called on U.S. lawmakers to write strict rules protecting personal information on electronic devices.

This week, Apple is dealing with the fall out of another security flaw, this one with its group FaceTime feature, that made eavesdropping possible.

Apple did not comment for the Reuters story.