The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system. The tool has limits — it doesn’t work on Android devices and doesn’t intercept phone calls. But it was unusually potent because, unlike many exploits, Karma did not require a target to click on a link sent to an iPhone, they said.
In 2016 and 2017, Karma was used to obtain photos, emails, text messages and location information from targets’ iPhones. The technique also helped the hackers harvest saved passwords, which could be used for other intrusions.
Boldfaced emphasis added by me.
I remain convinced that every single person now has an intel file about them somewhere. Spying used to be a difficult profession. Now it’s all push-button and nearly effortless. And everyone online and everyone with a phone is spying on themselves without realizing it.