Former NSA operatives spied on the victims' iphone for the UAE

A couple of days ago, Reuters wrote a very interesting article about the Raven project (and specialized Karma software), which was created by former employees of the US National Security Agency (NSA).

Raven offered to its customers, using a vulnerability in Apple iMessage, to access data (photos, email, SMS and geolocation) on the iPhone of the victims.

With the help of specialized software Karma, a group of operatives Raven, in 2016-2017, carried out attacks commissioned by the Government of the United Arab Emirates in order to obtain information on activists, diplomats and foreign leaders (the victims were the Emir of Qatar, the Nobel laureate of the peace prize from Yemen, Turkish official persons, etc.).

The vulnerability that was used in Karma, allowed access to data without the need for the user to click on links or perform any other actions. Raven employee was enough to enter into the Apple ID system (phone number or email address), the victim's iPhone received a message, after which some software was installed and the data from the victim's phone began to be transmitted to the Raven server.

No details on what software was installed on the iPhone victims yet. There is an assumption that this software jailbroken the device to gain access to the data.

Regular news about individual cases of data leakage, promptly published on the information leakage channel.