Possible US Government iPhone-Hacking Toolkit in foreign spy and criminal hands

(wired.com)

137 points by alwillis3 hours ago

7 comments

oxfeed652612 hours ago
<a href="https://archive.ph/r7jGc" rel="nofollow">https://archive.ph/r7jGc</a>
stock_toaster28 minutes ago
With this administration? Color me unsurprised.
happyopossum2 hours ago
"Possible" stripped from the headline on HN. That word seems particularly important given that it's speculative:"Clues suggest it was originally built for the US government."
- tptacek1 hour ago
 The Google threat analysis report doesn't say anything about USG involvement; that it was found on compromised Ukrainian sites, has code written in "native English", but also signs of LLM authorship. The Google report says the kit they found can't compromise current iOS, which is a capability you'd assume USG would have --- though it's important remember that "USG" comprises dozens of different buyers each with different toolchains.Maybe this was the Fisheries Department exploit toolkit.iVerify, which spun out of Trail of Bits and presumably knows what they're talking about, says it bears "hallmarks" of being connected to USG CNE work. I believe it. But the USG is on net a buyer, not a producer, of CNE tooling. Whatever a given service agency or IC arm buys, dozens of other aligned countries are also buying.(And, of course, the non-aligned countries have their own commercial supply chains).
 - bri3d57 minutes ago
 I don't think the ancient nature of the exploit chain has much bearing on the origin. I think it points away from the actual 2025 campaigns being USG-attached, but I don't think anyone was suggesting that to start with - the Google report makes it pretty clear that they believe the same code was resold to several parties, either in parallel or sequentially, around this time frame.I think the notion here is that either:* There's a shared upstream origin or author between this toolkit and the Operation Triangulation toolkit ahead of the use in Operation Triangulation (ie - someone sold this chain to both the Operation Triangulation authors and a third party). I actually think that the uses of specifically structured code-names internally and the overall structure of the codebase described in the Google writeup make this theory less likely; building an exploit toolkit while using these practices to cosplay as a US-government affiliated engineer would be clever and fun, but it's not something we've really seen before.* This toolkit originated from (whether it was leaked, compromised, or resold) the same actor who was responsible for Operation Triangulation.
 - tptacek21 minutes ago
 Right, I agree with you; my thing is mostly just differentiating between CNE enablement packages the USG itself creates vs CNE enablement packages that are on offer to every USG-aligned country, of which there are a bunch.
- dang1 hour ago
 The title limit is 80 chars, if anyone wants to figure out a decent way to squeeze possibility back in there.
 - irishcoffee51 minutes ago
 A US Govt iPhone-hacking suite is now possibly in criminal hands15 chars to spare!
 - dang49 minutes ago
 I think the "possibly" is supposed to mean "possibly produced by the US government"
 - irishcoffee47 minutes ago
 Good point.
 - alwa55 minutes ago
 “Possible US-Gov-made iPhone-hacking toolkit is now in foreign and criminal hands“ ?
 - dang49 minutes ago
 We try to avoid abbreviations if possible. You spurred me to take another crack at it and I think it worked this time? Happy to edit again if not...
- Simulacra1 hour ago
 Good point, that was also struck by the comment that it's infected "tens of thousands" phones. That's a minuscule rounding error.
- aaron69536 minutes ago
 [dead]
mentalgear2 hours ago
How could something as sensitive get out of an administration as competent as the current one? At least they have no access to lets say AI or autonomous weapons and the tools of mass surveillance ...
- grosswait27 minutes ago
  The constant injection of political view points on hn is becoming exhausting
theearling2 hours ago
[flagged]
- theearling2 hours ago
 lol at all the downvotes, proves my point
 - jjtheblunt2 hours ago
 you're just on a technical site, so readers want citations for conjectures, because the readers generally and genuinely want to learn moreedit: sibling comment agrees
 - theearling1 hour ago
 I guess the technical side is for the bots to find holes in my argument. Anyone with a brain in tech that knows of the US and it's invasion into privacy knows that the US having an iOS "Hacking Toolkit" is nightmare fuel.I already assumed it did, just glad Wired put it down on paper for the rest of us.Writing an article that "it's escaped the hands of the US government and into the hands of foreign hands" doesn't change my opinion of the abuse of power.Citation: Edward Snowden - Present Day (Flock, etc)
 - chucklenorris1 hour ago
 heh, saying hitler was a war criminal requires citations?
 - kvuj2 hours ago
 I think the downvotes come from the friction of the language used and the lack of sources to back the claim. If you linked some stories, it would add some weight to the statement.
 - seanw4442 hours ago
 How many people on this site are unaware of the amount of times the government's courts have found its executive, legislative, (and lower judicial) branches acting without authority?How many people on this site are unaware of the extent to which we are monitored? And openly? We have an entire agency whose primary task is to mass surveil.
 - ranger_danger1 hour ago
 I think all the things are true at the same time... that most people already believe it, they don't need sources in this instance, but they still don't like the way the comment was worded.
 - pak9rabid1 hour ago
 Have we already forgotten about Edward Snowden & the NSA?
 - thewebguyd1 hour ago
 Unfortunately, I think that's likely the case for anyone on the younger side. Most of that came to light in 2013, 13 years ago. Anyone 20-30 years old today would've been a teenager then in high school, and likely not paying attention very closely.It was big news for a little bit, and then the media by design quickly forgot about it barely a year later, and that is why history is doomed to repeat.
doctorpangloss2 hours ago
the government doesn't have superpowerful code crackers thoughit has a guy working at apple who introduces the subtle vulnerability he is instructed to do
- tptacek1 hour ago
 I expect the evidence for this claim is axiomatic, which is to say that you think it sounds good.
 - joshrw43 minutes ago
 Hello, have you heard of the Snowden revelations? What OP was referring to are called bugdoors.
 - doctorpangloss46 minutes ago
 haha yeah, thanks for the compliment
 - lightedman1 hour ago
 No, anyone who remembers the Best Buy/FBI debacle knows that this statement is very well-grounded in reality. If you took your laptop to Best Buy for repairs, the FBI got a copy of your hard drive contents.
 - majorchord50 minutes ago
 Source:
- 8cvor6j844qw_d652 minutes ago
 Yeah. TAO was intercepting Cisco routers in transit and installing implants.The leap from supply chain interdiction to cooperative insiders isn't a big one.
- thesuitonym1 hour ago
 Those two are not mutually exclusive.
everdrive1 hour ago
No matter the risk, I must carry my smartphone everywhere and install every app. It would be unimaginable to have the urge to look something up, but then wait to do it later until I'm using a real computer. No negative outcome will EVER shake my deep, permanent need to carry a smartphone all the time and use it for as much as possible.
- theearling1 hour ago
 Webapps exist for a reason, they don't get all the special permissions apps get when fully installed.at the very least use a VPN / more secure phone like a pixel with grapheneYou keep doing you though
 - thesuitonym57 minutes ago
 A VPN won't help you if your device is compromised. A VPN won't help you if the server is compromised. A VPN won't help you if the VPN is compromised.I really wish people would understand that VPNs are not magical, unbreakable security. VPNs are barely security at all, and commercial VPNs even less so.
 - theearling46 minutes ago
 oh 100% agree here, I was just confused at the OP comments evangelism of installing and keeping his phone on his for those quick fix google searches
 - thewebguyd1 hour ago
 Ironically, the exploits in this leaked kit all involved flaws in webkit, so you'd have been safer sticking to native apps assuming they didn't have any webviews in them to load the malicious site.
 - SpaceManNabs47 minutes ago
 WebView is the worst experience I have on any smart phone or mobile app.The fact that there is no option so that any webview by default opens in safari across all app in ios is horrible.i am not surprised it is riddled with security holes.