A report from Reuters Investigation claims that a powerful iPhone hacking tool called “Karma” has been used by the UAE government to remotely hack the iPhones of people of key interest.
Former US Intelligence members working for the UAE were said to have developed the tool to monitor targets starting in 2016. This is the first time a report has been released about the tool’s existence. According to the report, Karma could remotely access iPhones by entering a phone number or email address into a system.
In 2016 and 2017, the tool could access photos, emails, text messages, and location information from the target’s device without their knowledge, since it didn’t require a link or exploit to be triggered by any action of the target.
According to former operatives, the tool relied on a flaw in iMessage that let the offender break into the target’s secure information. Apparently, Karma only needed to send a text message to the target to access the data. The way the tool actually worked is still unclear, but we do know it only worked on iOS devices since it relied on an iMessage vulnerability.
It isn’t clear whether the tool still works on the current iOS version, but former operatives said that an Apple security update in late 2017 made Karma significantly less effective.
Both Apple and the UAE declined to comment on the report. This news is not coming at a good time for Apple. Just this week, a major FaceTime bug was discovered, and today Apple posted a 15% decline in iPhone sales revenue compared to the last holiday season.
It remains to be seen whether the tool actually existed and whether Apple knew about such a tool (should it have existed). We’ll update this post should Apple release a statement in response to the report.