In a major announcement, theMIT Tech Reviewrecently revealed that a former American security company is responsible for sharing a powerfuliPhonehacking tool with the UAE. This tool reportedly enabled the Arab state to carry out a series of cyberattacks, nicknamed“Karma.”
Earlier on Tuesday, the U.S. Dept. of Justice updated the U.S. government’s investigations related to theKarmaprogram. The authority shared that three American hackersagreed to pay penaltiesof up to $1.685 million for their involvement. Previously, the court had accused these suspects of helping the UAE successfully procure the aforementioned hacking tool from an unnamed seller.
In another report,MIT Tech Reviewrevealed that sources identified the unnamed seller as a former cybersecurity company Accuvant. The company, which merged with Optiv some time back, supposedly built the iPhone-targeting tool and sold it to the UAE.
Responding to the allegations, Optiv’s Jeremy Jones remarked that the company had fully cooperated with the authorities. Further, he stated that the security firm “is not a subject of this investigation.”
As per the publication, the Optiv-Accuvant merger “sheds new light on the exploit industry as well as the role played by American companies and mercenaries in the proliferation of powerful hacking capabilities around the world.”
How Cyberweapons Hacked Into Numerous iPhones Of Key Targets
First discovered by Reuters in 2019, the iPhone-hacking software exploits iMessage’s vulnerabilities to get complete access to an Apple device. Interestingly, iMessage is eternally present on every iPhone, making it the favorite target for cyberattackers.
Apparently, the UAE used this iMessage exploit to hack into the devices of various people of national interest. As part of theKarmaprogram, the Arab country spied on activists, dissidents, foreign diplomats, etc. Moreover, the hacking took place under the supervision of DarkMatter, which is a cover for the Arab nation’s cyber-espionage projects.
Although Optiv doesn’t explicitly offer hacking services to clients, the Accuvant employees that joined post the merger are still reportedly working on iPhone exploits. Fortunately, at the same time, Apple is also actively bringing improvements to iMessage’s security via iOS updates. However, superior hacking tools, such as Israel’sPegasus, could trespass into an iPhone’s private data regardless.
