Reuters has published a piece based on a series of interviews that they conducted with several U.S. government intelligence operatives. The revelations include the deployment of a highly sophisticated spying tool called Karma, to spy on activists, political personalities of foreign countries, diplomats, and anyone else that the United Arab Emirates wanted to spy on. Examples of high-profile snooping targets that were spied in 2016 and 2017 include the Emir of Qatar, Turkey’s former Deputy Prime Minister Mehmet SimSek, Oman’s head of foreign affairs, and the Yemeni Nobel Peace laureate human-rights activist Tawakkol Karman.
The Karma tool is able to gain access to remote iPhones by using phone numbers or email accounts as an input. This means that targeting anyone would be as easy as knowing his/her phone number or email address. The tool is specialized in the spying of iPhone devices, taking advantage of a flaw in Apple’s iMessage system, while it doesn’t work on Android at all. The operation of Karma is likely based on the implantation of spyware on the target’s phone, after sending a message that the user doesn’t even have to open. Nobody knows exactly how Karma works, as UAE bought it from a foreign, unknown source.
Every day, the operatives just fed the tool with new targets, and the information flooded in like a refreshing creek. The spying spanned over hundreds of iPhone devices simultaneously, and the data that was transmitted include location data, text messages, emails, and even sexually explicit photos. The only thing that Karma can’t intercept is phone calls, but what it offers is already extremely valuable in cyber warfare. As one of the former operatives put it: “It was like, we have this great new exploit that we just bought. Get us a huge list of targets that have iPhones now. It was like Christmas.”
The United Arab Emirates is obviously not the only country which allegedly possesses and utilizes a cyberweapon of this power magnitude. Russia, China, and the United States are all thought to be capable of developing cyber warfare weapons, while this particular case highlights that even smaller countries can get their hands onto these weapons if they pay enough for it.
Shocked by the revelations about how the Emirati government spied on her, Tawakkol Karman stated the following: “Americans are expected to support the protection of human rights defenders and provide them with all protection and security means and tools, not to be a tool in the hands of tyrannies to spy on the activists and to enable them to oppress their peoples.”
As this is yet another day in the row that a news story bashes Apple’s pompous claims on the security of their devices, it will be interesting to see how the company will react to it, and whether they will clarify where the security flaw exactly is.
For the Reuters investigation in English click here