This is big. Most hacking requires the phone user to click on something. This doesn’t, and the suggestion is that many government agencies have been using it.
Karma reportedly didn’t work on Android devices, but was deemed especially powerful as it could plant malware on an iPhone without requiring an action from the target. Three former operatives said the tool relied partially on a flaw in iMessage. All it supposedly took to trigger the breach was for a text message to be sent to the target device using the cyber-tool.
…Ultimately, the tool was apparently used to gain entry into the accounts of hundreds of prominent Middle Eastern political figures and activists across the region and in Europe.
In a separate Reuters exposé, Lori Stroud (a former NSA staffer who later joined Project Raven) said Karma was also used to spy on American citizens.
https://www.engadget.com/2019/01/30/uae-surveillance-iphone-hacking/