Slashdot Mirror

← Back to Stories (view on slashdot.org)

UAE Used Cyber Super-Weapon To Spy on iPhones of Foes (reuters.com)

Posted by msmash on from the closer-look dept.

Reuters reports: A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world's superpowers and into the hands of smaller nations. The cyber tool allowed the small Gulf country to monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen, according to five former operatives and program documents reviewed by Reuters. The sources interviewed by Reuters were not Emirati citizens.

Karma was used by an offensive cyber operations unit in Abu Dhabi comprised of Emirati security officials and former American intelligence operatives working as contractors for the UAE's intelligence services. The existence of Karma and of the hacking unit, code named Project Raven, haven't been previously reported. Raven's activities are detailed in a separate story published by Reuters today. The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits -- it doesn't work on Android devices and doesn't intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.

19 of 62 comments (clear)

  1. So, is FaceTime... by forkfail · · Score: 2

    ... now considered to be a Cyber Super-weapon?

    --
    Check your premises.
    1. Re: So, is FaceTime... by Anonymous Coward · · Score: 1

      He is new. He thinks it funny when he gets a FaceTime call and he answers talk to the hand

  2. Something smells... by Anonymous Coward · · Score: 1

    Phone numbers or email addresses gave full access to a phone? Having a hard time buying this.

    1. Re:Something smells... by Anonymous Coward · · Score: 1

      Maybe the automated system sends an evil SMS or email that uses some undisclosed low-level Apple vulnerability.

    2. Re:Something smells... by sjames · · Score: 2

      No, they send the email or phone number of the targeted phone to a 'targeting system'. That system then performs the exploit that grants access.

  3. What was the flaw? by Anonymous Coward · · Score: 2, Interesting

    Anyone have an idea what specific iMessage bug allowed malware to run on the device? Because that sounds like an absolute doozy of a hole.

  4. Cyper super-weapon? by KixWooder · · Score: 1

    Cyber?! Is it 1996?

    --
    I hate fat people.
    1. Re:Cyper super-weapon? by Aighearach · · Score: 1

      Used cyber isn't a super-weapon, it is just a log. Sorry.

      But if it was from 1996, that's vintage now. Consider publishing.

    2. Re:Cyper super-weapon? by mentil · · Score: 1

      Be glad it's not an Electro Techno-Tron Compu-Cyber Super-Info-Weapon, or we'd all be doomed. Only Sandra Bullock, Will Smith, and/or Keanu Reeves could possibly save us.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  5. Warning to government spies by Dutch+Gun · · Score: 2

    Karma is a bitch.

    --
    Irony: Agile development has too much intertia to be abandoned now.
    1. Re:Warning to government spies by presearch · · Score: 1

      More accurately, they were Karma's bitch.

  6. If you are concerned by JeffOwl · · Score: 4, Informative

    Don't use an off the shelf smart phone. People are concerned about this stuff, but the root cause is them putting too much trust in the device and therefore the people behind it. I really don't know what the UAE internal laws say about this sort of thing, and if it is illegal, of course they should stop it, but would you really trust them to do so, even if directed by a judge? If you are the kind of person the government is going to be interested in, you really need to take care with your communications.

    1. Re:If you are concerned by nnull · · Score: 2

      I stopped using my phone for anything important. Emails I can do on my other devices. Photos, I can do with a standalone camera which takes WAY better pictures, because they've gimped phone cameras to 12Mp. Web browsing? Banking? GPS? I'll just do what I used to do 10 years ago. The impact of losing this convenience over a single device that fits in my pocket for me is very minimal. I even stopped allowing phones in our meetings. I'm pretty positive corporate and industrial espionage now happens on a regular basis thanks to these smart phones.

      Ever since phone manufacturers started preventing rooting your phones in the US and the PR posting about how I shouldn't ever have to worry about rooting ever again, I stopped trusting them. Only phone I might look forward too is the Librem 5, but not putting high hopes into that. This whole deal with the UAE just confirms what we've always known.

  7. Who benefits? by petes_PoV · · Score: 1

    The tool has limits -- it doesn't work on Android devices

    So now we know what the Android marketing department has been doing recently

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  8. Thank god they're working for a government by Opportunist · · Score: 2

    Else one could think this might be illegal.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Thank god they're working for a government by Opportunist · · Score: 3, Insightful

      Usually I'd have to break a law before I get arrested. What laws did the people under surveillance break? Or, wait, we're dealing with the UAE, a country where laws is basically "whatever whim the sheik comes up with".

      Ok, never mind.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Thank god they're working for a government by nnull · · Score: 1

      How dare you! Apologize now!

    3. Re:Thank god they're working for a government by grep+-v+'.*'+* · · Score: 1

      where laws is basically "whatever whim the sheik comes up with".

      It's good to be the King. Magna Carta, anyone? Of course they're the ones that need to do it.

      It's good...

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    4. Re:Thank god they're working for a government by Opportunist · · Score: 2

      I'm great at offering fake apologies, but first I'd have to know what for.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.