UAE Allegedly Spies on Neighbors Using iPhone Espionage Tool
Seems like Apple is not having a good week, fresh from the iPhone Facetime bug that allowed eavesdropping of calls, which forced them to shut down Facetime group chat servers, the tech giant is also at the center of espionage controversy. It has something to do with iPhones being vulnerable to an espionage tool known under the name of ‘Karma.’ This espionage tool was used against United Arab Emirates’ rivals, critics and dissenters, particularly foreign representatives and diplomats antagonistic of UAE.
Allegedly, ex-American intelligence staff was hired by UAE in order to spy on Turkish and Qatar political leaders. As contractors of UAE intelligence agencies, these former U.S. intelligence staff organized themselves under the code name Project Raven. Using Karma tool, information stored in a vulnerable iPhone device can be extracted by simply checking it against the program. Due to infrastructure differences between an iPhone and Android device, the current Karma version available to Project Raven members were not able to compromise the latter.
“What we’ve learned about Project Raven raises significant concerns over the lengths to which the UAE will go in targeting journalists, and the involvement of former U.S. intelligence officials is also disturbing. Emirati officials must stop targeting the press at home and abroad, and the U.S. must make it clear to their allies that hacking journalists’ phones is not a legitimate counterterror strategy,” emphasized Committee To Protect Journalist Middle East Coordinator Sherif Mansour.
Karma, when used by a competent user can easily extract SMS messages, emails, pictures and location history from a vulnerable iPhone. Apple has been patching iOS in order to lessen the unnecessary permissions gained by a tool like Karma, hence the current version of Karma is less powerful today than it was way back in 2017. “It was like, ‘We have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now. It was like Christmas,” explained Lori Stroud, a former member of Project Raven.
For years, UAE is not having a great diplomatic relation with its neighbors in the Gulf, particularly with Saudi Arabia and Qatar, treating them as rival nations in many industries. The use of Karma opens the fact that iPhone is not the most secure and private mobile platform contrary to the press release of Tim Cook, Apple’s CEO. Accusing other rival platforms as ‘less secure’ makes the Tech giant look like a hypocrite, let alone totally speaking beyond it can provide when Karma tool became public knowledge.
With Karma, UAE has a weapon to extract iPhone information in parallel, if they do so wish. Other than UAE, countries such as the United States, Russia and China have similar tools at their disposal under the terms of top state secret. At the time of this writing, no representative from UAE’s government is willing to deny or confirm the claims about the existence of Karma and Project Raven. Apple on their end is still busy fixing the Facetime bug issue and the company has yet to comment about this particular case.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.