top of page

The Vulnerabilities of iPhones and why you need a secure device

Updated: Jan 15

A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world’s superpowers and into the hands of smaller nations. Whether these users were taking any active security measures at all is unknown.

The cyber tool allowed the small Gulf country to monitor hundreds of targets beginning in 2016, from the Emir of Qatar and a senior Turkish official to a Nobel Peace laureate human-rights activist in Yemen.

Karma was used by an offensive cyber operations unit in Abu Dhabi comprised of Emirati security officials and former American intelligence operatives working as contractors for the UAE’s intelligence services.

The operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices. It also does not apply to such scenarios in which the user has an encrypted iPhone, without the iPhone being "rooted". Our devices are all non-rooted, which maintains the security integrity of the device fundamentally. SecureCrypt then only enhances this security by activating the device in our closed, and private eco-system, network, and secure cellular network, which most providers overlook. We do this using our self-managed instance of Blackberry UEM.

In 2016 and 2017, Karma was used to obtain photos, emails, text messages and location information from targets’ iPhones. The technique also helped the hackers harvest saved passwords, which could be used for other intrusions.

It isn’t clear whether the Karma hack remains in use.

Tools like Karma, which can exploit hundreds of iPhones simultaneously, capturing their location data, photos and messages, are particularly sought-after.

If nation state leaders and diplomats can be compromised so easily; what does that mean for the everyday user of an iPhone?

The only secure iPhone, is an encrypted iPhone using the SecureCrypt Encrypted Communications App in our Android / iOS eco-system, powered by Blackberry UEM.

If you are a government agency, an activist, a journalist, a lawyer with high profile clients, a doctor, a celebrity, or an individual working in a sensitive industry, you may become a target for hacking and spying.

Regular calls and SMS messages are not encrypted, thus leaving you wide open to such a long list of attacks, we cannot begin to list them all.

SecureCrypt offers true military grade, 512-bit ECC end-to-end encryption, and a secure operating system which makes it impossible to such attacks like the bypassing of encryption altogether, SMS attacks, SS7 attacks, MiTM attacks, cold boot attacks, and many others.

If you need true security, please contact us immediately so we can secure your communications.


bottom of page