Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review
In a major announcement, the MIT Tech Review recently revealed that a former American security company is responsible for sharing a powerful iPhone hacking tool with the UAE. This tool reportedly enabled the Arab state to carry out a series of cyberattacks, nicknamed “Karma.”
Earlier on Tuesday, the U.S. Dept. of Justice updated the U.S. government’s investigations related to the Karma program. The authority shared that three American hackers agreed to pay penalties of up to $1.685 million for their involvement. Previously, the court had accused these suspects of helping the UAE successfully procure the aforementioned hacking tool from an unnamed seller.
In another report, MIT Tech Review revealed that sources identified the unnamed seller as a former cybersecurity company Accuvant. The company, which merged with Optiv some time back, supposedly built the iPhone-targeting tool and sold it to the UAE.
Responding to the allegations, Optiv’s Jeremy Jones remarked that the company had fully cooperated with the authorities. Further, he stated that the security firm “is not a subject of this investigation.”
As per the publication, the Optiv-Accuvant merger “sheds new light on the exploit industry as well as the role played by American companies and mercenaries in the proliferation of powerful hacking capabilities around the world.”
How Cyberweapons Hacked Into Numerous iPhones Of Key Targets
First discovered by Reuters in 2019, the iPhone-hacking software exploits iMessage’s vulnerabilities to get complete access to an Apple device. Interestingly, iMessage is eternally present on every iPhone, making it the favorite target for cyberattackers.
Apparently, the UAE used this iMessage exploit to hack into the devices of various people of national interest. As part of the Karma program, the Arab country spied on activists, dissidents, foreign diplomats, etc. Moreover, the hacking took place under the supervision of DarkMatter, which is a cover for the Arab nation’s cyber-espionage projects.
Although Optiv doesn’t explicitly offer hacking services to clients, the Accuvant employees that joined post the merger are still reportedly working on iPhone exploits. Fortunately, at the same time, Apple is also actively bringing improvements to iMessage’s security via iOS updates. However, superior hacking tools, such as Israel’s Pegasus, could trespass into an iPhone’s private data regardless.