Security researchers say a highly sophisticated iPhone exploitation toolkit dubbed “Coruna,” which possibly originated from a U.S. government contractor, has spread from suspected Russian espionage operations to crypto-stealing criminal campaigns. Apple has p…
The good guys need these tools to stop the bad guys. But we never counted on the "good" guys being incompetent. Don't worry folks, we'll solve the problems by adding even more surveillance to the state. Same thing applies here and this is even a real world example for anyone to point to if evidence needs to be provided. "Golden key"? You mean the master key the governments of the world have?No government will let an encryption scheme into general use that they can't open/decrypt.
All this has been chewed on since forever, and from the point of general security the case has been settled decades ago. if you find a bug and don't report it, it will eventually come to bite you in the ass, in proportion with the popularity of the platform the bug is deployed on. Nobody has ever demonstrated a case where hiding a bug on a popular platform to "catch the bad guys" has brought more good than bad.
But the powers that be cannot refrain from going the easier, more harmful way, because they bear no responsibility for the costs they inflict, even more so since certain "immunitay" and "pardon" decisions were made. No, but there are guys on your side and it's always better for you if they are better than the opposition. I can understand if, at this point when there's a military operation ongoing by a person with literal crusader tattoos and with officers reporting to him apparently explicitly briefing the hope that the operation will trigger the end of the world, some Americans don't think that the people on their side are the US security forces, however that doesn't change the point.
Nobody has ever demonstrated a case where hiding a bug on a popular platform to "catch the bad guys" has brought more good than bad. This is so obviously not the situation under discussion here, when we have someone's hiding it for nefarious purposes that I'm not even sure why it is even brought up. Staying on topic appears to be of late a rare skill that is increasingly hard to master. Staying on topic appears to be of late a rare skill that is increasingly hard to master.
Cognitive dissonance rules Slashdot. Everyone wants to believe they're smarter than everyone else, and they believe smart people don't make mistakes (which alone proves they aren't smart) so they don't believe they could be wrong. The general unwillingness to admit one is wrong is the semaphore symptom. Someone will straight tell you that they know what they're talking about and you don't, then you will destroy their argument and then they just go away until the next time they decide to insult your intellig Yeah.
Most of the time I'm not even motivated to get into an argument anymore, it is, like, their opinion, man. No, but there are guys on your side and it's always better for you if they are better than the opposition. I can understand if, at this point when there's a military operation ongoing by a person with literal crusader tattoos and with officers reporting to him apparently explicitly briefing the hope that the operation will trigger the end of the world, some Americans don't think that the people on their side are the US security forces, however that doesn't change the point.
They're fascinated with the monster they see, and thus, think they can defeat: They never prepare for failure and consequences. Mostly because, as you note, it isn't a personal cost. Nobody has ever demonstrated a case where hiding a bug on a popular platform to "catch the bad guys" has brought more good than bad. Well..they could tell you about it. But policy dictates they'd have to kill you first.
Which would kinda make you wonder who the good guy was all along..understandably. Well, they wouldn't, would they. We don't generally hear about successful intelligence operations. We certainly won't hear about any where revealing the success would compromise the tool that brought it about. "Nobody has ever demonstrated a case where hiding a bug on a popular platform to "catch the bad guys" has brought more good than bad." Well, they wouldn't, would they.
We don't generally hear about successful intelligence operations. We certainly won't hear about any where revealing the success would compromise the tool that brought it about. Hacked Tehran Traffic Cameras Fed Israeli Intelligence Before Strike On Khamenei [slashdot.org] To be fair, the security cameras used in Iran probably aren't used elsewhere, and there isn't enough detail to know if they compromised them through vulns or through gaining passwords by physical infiltration, turning foreign agents, compromising people with access, computer hacking, or other means.
So I guess there's some possibility that knowing about it wouldn't compromise the tools used to gai I think another reason it didn't need to be secret was that the people who would have needed to know are now dead. Plus, the lack of details you noted. That they took over the cameras doesn't tell you much about how, and the how is the secret bit. I remember when crooks had to actually find and remove tangible items – money, or jewellery and other goods – in order to steal wealth.
Then came credit card theft which, bad though it was, had nothing on the cyber-theft described in TFA. Additionally, it's oh-so-nice to learn that the US government probably funded the development of this hacking tool. American tax dollars at work helping criminals – gotta love it. Additionally, it's oh-so-nice to learn that the US government probably funded the development of this hacking tool. Don't forget that it's probably also only possible because they are withholding knowledge of zero-days.
The NSA's stated job is to protect our nation's communications, then they find vulnerabilities and don't report them so they can use them as back doors, completely betraying their mission and therefore also the American people. No those a true patriots. And if you disagree we will send ICE over to your house to check your papers. I don’t care. I have nothing to hide, and I’m not a billionaire nor a celebrity.
🙂 "The exploits were integrated into a previously unseen JavaScript framework that used simple but unique JavaScript obfuscation techniques." "Built for", means they paid a vendor for it. "Purchased by", means they paid a vendor for it. I think what they meant was, "a hacking kit built or purchased by the US government." That would mean that either they bought it or one of the agencies built it themselves, which fits the implication that it was created by an entity with state-level resources.
When useful tools are used often enough to be known, it's natural someone will collect then use them. Poor tradecraft."we noticed an instance where the actor deployed the debug version of the exploit kit, leaving in the clear all of the exploits, including their internal code names." Apple has patched all the exploits, and automatic system updates were enabled by default in 2023."The exploit kit is able to target various iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023)" There may be more comments in this discussion.
Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Summary
This report covers the latest developments in iphone. The information presented highlights key changes and updates that are relevant to those following this topic.
Original Source: Slashdot.org | Author: BeauHD | Published: March 4, 2026, 3:00 am
Leave a Reply
You must be logged in to post a comment.