Possible US Government iPhone Hacking Tool Leaked
Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers...

Security researchers at Google have recently released a report detailing a sophisticated iPhone hacking toolkit known as "Coruna." This toolkit, which includes five complete hacking techniques, is capable of bypassing all defenses on an iPhone to silently install malware when the device visits a website containing the exploitation code. Coruna leverages 23 distinct vulnerabilities in iOS, a rare collection of hacking components that strongly suggests it was developed by a well-resourced, state-sponsored group of hackers.
The existence of Coruna has raised concerns about the potential for advanced persistent threats (APTs) and nation-state actors to exploit these vulnerabilities. The toolkit's sophistication and the number of vulnerabilities it targets highlight the need for continuous security updates and robust defenses against such attacks.
One of the intriguing aspects of Coruna is that its code appears to have been originally written by English-speaking coders, as noted by iVerify's cofounder, Rocky Cole. Cole's analysis suggests that the toolkit bears the hallmarks of other modules publicly attributed to the US government. This development marks the first instance of tools of US government origin being used by both adversaries and cybercriminal groups, raising questions about how such tools have been lost or leaked.
TechCrunch has reported that Coruna is indeed of US origin, citing two former employees of government contractor L3Harris. These employees claimed that the company's hacking and surveillance tech division, Trenchant, was involved in the development of the toolkit. Both former employees spoke anonymously, as they were not authorized to discuss their work for the company.
The speculation surrounding Coruna's leak involves an employee of Trenchant allegedly selling the toolkit to the Russian government. This incident underscores the risks associated with the development and distribution of advanced hacking tools, particularly when they fall into the wrong hands.
The discovery of Coruna serves as a stark reminder of the ongoing arms race between state-sponsored hackers and security researchers. As technology continues to evolve, so too do the tactics employed by malicious actors. The ability to detect and mitigate such threats requires a proactive approach, as well as a commitment to transparency and collaboration among security professionals and governments worldwide.
In conclusion, the leaked iPhone hacking toolkit, Coruna, presents a significant challenge to the security of iOS devices. Its sophisticated design and the number of vulnerabilities it exploits suggest a high level of expertise and resources, likely from a state-sponsored actor. The potential for such tools to be misused by adversaries and cybercriminals highlights the need for robust security measures and continuous vigilance in the face of evolving threats. The involvement of US government contractors in its development further complicates the issue, raising questions about the oversight and control of such tools. As the technology landscape continues to shift, the importance of safeguarding against such sophisticated attacks cannot be overstated.







