The tool cool is activated by simply loading the phone number or the email of the intended target, the target need not click on any link. Most of the spy tools work by fooling users to click on malicious link hence gathering their device’s sensitive information.
According to the Reuters report, through the spy tool, UAE government was able to access emails, text messages, photos, location, passwords of the users which can be used further for other attacks. They said “A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma […]
The […] operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone”
There was no specific information available on how this tool worked but it was iPhone-specific and the UAE government paid to develop Karma to the agency.
According to the Reuters report, Karma was more effective in 2016 and 2017. “It isn’t clear whether the Karma hack remains in use. The former operatives said that by the end of 2017, security updates to Apple Inc’s iPhone software had made Karma far less effective”, it further added “Tools like Karma, which can exploit hundreds of iPhones simultaneously, capturing their location data, photos, and messages, are particularly sought-after, veterans of cyberwarfare say. Only about 10 nations, such as Russia, China, and the United States and its closest allies, are thought to be capable of developing such weapons, said Michael Daniel, a former White House cybersecurity czar under President Obama.”
Both UAE government and Apple refused to comment.