In a project named 'Project Raven', the UAE government used a cyber tool to hack into the iPhones of activists, diplomats and rival foreign leaders.
Karma apparently is a tool that could remotely grant access to iPhones, without requiring the target to click on a link sent to the iPhone, simply by uploading phone numbers or email accounts into an automated targeting system. However, it doesn’t work on Android devices and doesn’t intercept phone calls. it relied apparently on a flaw in Apple's messaging system iMessage.
The flaw allowed for the malware to be implanted on the iPhone through the iMessage. Even if the phone's owner didn't use the iMessage, it still enable the hackers to establish a connection with the device. To initiate the compromise, Karma needed only to send the target a text message – the hack then required no action on the part of the recipient.
The UAE government apparently purchased Karma from an outside source. Its creators and origins however, remains a mystery to-date. Project Raven was launched in 2016 apparently helped the UAE government to obtain photos, emails, text messages and location information from the targets' iPhones.
It is indeed frightening for citizens of a country. Governments everywhere were talking about beefing up their cybersecurity posture and protecting the personal data of their citizens from being exploited by cyber criminals and to hear and read news of a government using the same strategy which they proclaimed were to protect their citizens on them is indeed troubling.
