A hacking tool was reportedly developed to monitor hundreds of targets through their iPhones and was leveraged by the UAE in 2016 and 2017.
According to a new report from Reuters, a hacking tool enabled the United Arab Emirates’ government to remotely hack the iPhones of diplomats, activists and even foreign leaders with just a text message.
The tool, called “Karma,” let spies steal photos, messages, email, and location data from iPhones by uploading victims’ email accounts or phone numbers to an automated system, the report said. The cyber attack worked through iMessage, and the spies simply needed to send a victim a text message; the target didn’t need to click on anything or open the message.
Karma reportedly allowed the UAE to “monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen.”
The UAE government bought the hacking tool from an outside country, and the attacks were carried out by former US intelligence operatives working as contractors for the UAE, including ex-operatives with the National Security Agency, Reuters reported.
“It was like, ‘We have this great new exploit that we just bought. Gets us a huge list of targets that have iPhones now,'” said Lori Stroud, a former U.S. National Security Agency operative who worked on Operation Raven. “It was like Christmas.”
Ultimately, the tool was apparently used to gain entry into the accounts of hundreds of prominent Middle Eastern political figures and activists across the region and in Europe. However, there’s no evidence (as of yet) to suggest that compromising information was leaked.
An iOS security update has since rendered it “far less effective,” according to U.S. intelligence contractors who worked with the UAE to breach the iPhones of diplomats, activists, and rival foreign leaders.