Apple Alerts Exploit Developer That His Iphone Was Targeted with Gov Spyware
Source: techcrunch.com

Key topics: Cybersecurity, Spyware, Government Surveillance
Apple alerts an exploit developer that his iPhone was targeted with government spyware, sparking a discussion about the ethics of developing exploits and the consequences of being targeted by one's own creations.
Snapshot generated from the HN discussion
Key moments
- Story posted: Oct 21, 2025 at 11:52 AM EDT
- First comment: Oct 21, 2025 at 12:00 PM EDT (8m after posting)
- Peak activity: 64 comments in 0-3h
- Latest activity: Oct 23, 2025 at 12:52 AM EDT
HN story ID: 45657302 (last synced 11/20/2025, 8:00:11 PM)
Leopards ate my face moment?
They're not developing these tools to NOT use them...
1. Most of us in this segment of the industry recognize the risks
2. He is absolutely not the first person targeted by this
3. This article sounds like it's part of a wrongful termination suit by Gibson based on the context provided
It is really about a perceptual flaw in pre-fascist democratic behavior: people believing themselves to be a part of the protected class because they voted for it.
It seems to apply here because someone profiting from the creation of tools used on others by people with money/power has them used on him by the government.
tl;dr: it is a subset of "you reap what you sow", with more specificity and punch
People vote for the "leopards eating faces" party because they want leopards to eat other people's faces. You're relying on that party to do something they didn't say (it's not the "leopards eat everyone else's face but not yours" party).
If you vote for a party to build a monument, then they build a monument, that's reaping what you sow.
> 'I never thought leopards would eat MY face,' sobs woman who voted for the Leopards Eating People's Faces Party.
* https://twitter.com/Cavalorn/status/654934442549620736
Why does he think that will help against a state-backed adversary?
> Why does he think that will help against a state-backed adversary?
What are his alternatives?
I don't really see any alternatives. Do you?
There's a whole continuum.
Other than 2FA, text messaging is easy to get rid of.
You still use it to make calls, so yeah, they can track you that way. You can keep the phone off most of the time, though. People close to me know that they're more likely to reach me by calling my home phone.
What else does one really need a phone for?
Navigation? Do what I did: Get another phone that never has a SIM card and use an offline app.
Camera? The same. But really, life is very doable without a camera to begin with!
The only reason I need a phone is 2FA.
But 100% you can still find alternatives, it's just about how much stuff you wanna carry around with you, right?
This does not imply that it is easy to track everyone everywhere at all times. I guess most targeted ones would like to protect their communication, and even meetings in person are possible if you keep some safeguards.
If you are actually security conscious, the only setup that works is to have a public-facing phone and a private phone that is custom rooted, de-Googled, and where you control everything that runs on it.
Does that really not make sense?
If he's running iOS he can also enable Lockdown Mode on the new phone to block most types of attacks.
And later,
> Without a full forensic analysis of Gibson’s phone ... it’s impossible to know why he was targeted or who targeted him.
> But Gibson told TechCrunch that he believes the threat notification he received from Apple is connected to the circumstances of his departure from Trenchant ...
I find it funny that (1) this guy never thought this would happen to him (2) this guy has the balls to talk to media about this but fears retaliation
I mean, seriously, those who want to know your real name already know it.
Generally, if you develop exploits, you should be completely aware of every single possible attack vector. If you are working for a company like Trenchant, and you know what you are doing, the last thing you do is use Apple devices (at least fully, most of the time you have a public phone and much more secure private phone)
The reason is, when you take an Apple phone, connect it to a router that proxies through a computer so you can inspect traffic, you can see the vast amounts of shit being sent back to Apple which you have no control of.
Meanwhile, if you do the same with my custom rooted, de-Googled Android phone that I take overseas, you will see only NTP traffic, and that is only so I don't have to deal with cert issues because my clock is wrong.
(From https://security.apple.com/research-device)
Another reason not to work at places like this.
First line says "personal phone". I presume MDM on a work phone could do most of the things they'd be interested in, without the risk of setting off an alarm like this. Anyone have speculation about a reason for an employer to pwn a phone that's already on their MDM?
- Exploit developer makes and plays with exploits on their phone
- Apple notices this, warns them that there is spyware on their phone
- Exploit developer somehow thinks it is governments hacking into their phone
Interesting kind of payback. What does he think happens to the people whom the exploits he develops target?
I’m kidding of course
If these companies have no qualms using their exploits against their own employees they'll have absolutely no problem using them against members of Congress, the Courts, investment banks, tech leaders, and anyone with any sort of power. This gives them the ability to blackmail some of the most powerful people in the world.
edit: And that's not even mentioning their reported "intended use" against dissidents and journalists.
I get where you're probably coming from: this same technology is used all over the world to target journalists and dissidents in countries with and without the rule of law. A very real concern. I wouldn't do this kind of work either (also, it's been over a decade since I had the chops even to apprentice at it).
But there are very coherent reasons people are comfortable doing this work for NATO countries. Our reflexive distrust of law enforcement and intelligence work is a fringe belief: a lot of families are very proud to include people working in these fields.
The most important thing I guess I'd have to say here is: our opinion of this stuff doesn't matter. At current market rates every country in the world can afford CNE technology, and it's a market well served by vendors outside of NATO.
It very much does matter. If more people refuse to do this type of work, it eventually won't be done to the required standard. People would cut family ties and this would stop fast.
How do you know this?
This is kind of like saying "if people wouldn't murder other people then..."
"Bad" kinds of work always find bodies to fill their spots. Boycotts of a particular business might work, but boycotting a type of work won't, especially when there is decent money on the table. And then when you start adding in people that had previous run-ins with law enforcement, find it hard to get a "legit" job, and get a decent offer from a place like this, they'll have no problem taking it.
Case in point: In 2007 Germany passed a "hacking law" (§202c). On its face, it was supposed to prevent black hat work. Except it very predictably also did enormous damage to security research.
Slippery slopes don't justify anything. You might not care enough to make a difference, but many people do and your justification rings hollow to everyone that's potentially a victim. You wouldn't say this about nuclear proliferation, so why make a carveout for digital mercenary work? Because it's "harmless"?
I don't know what your goal is with this statement but it certainly doesn't make me feel any better. If you're this emotionally invested in the topic, it might be best for your own optics to not chime in.
The onus is on Apple and their userbase to protect their own computers, not the rest of society to patrol and regulate unstoppable "information crime" against them
However I don't agree with the repercussions of this, which are the same ones that make all reasonable people, security experts included, oppose EU's ChatControl or the UK's backdoor requests: There is no way to ensure and protect the people that need protection, as there is no way to ensure that only "the good guys" have it.
We tend to bullshit ourselves into believing that, because spyware like Predator is a weapon, only countries would be allowed to buy it and use it (the same way that Jeff Bezos cannot buy and use an F-35, for example). We see, though, that certain individuals _can_ get their hands on these things and use them however they want.
For example, 3 years ago someone adjacent to the Greek government bought and used Predator against MEPs, journalists, army generals, mafia bosses, MPs of opposing parties and even MPs of their own, ruling, party. The Greek government of course denied that they did it, and they said that this individual did not act under the instructions of the government (though they then changed the law to prevent anyone from learning details about it, but that's a different story).
So, apart from adopting the same approach as with ChatControl and encryption backdoors, i.e. banning them, I don't know how we could protect ourselves against them.
The OP did say "...for resale in good conscience."
I personally read that as the commercial companies that allow anyone to buy the product off the shelf for the right price -- including governments, but also rogue elements. Bad actors, groups, or even people engaged in abusive domestic practices (customers without the time, experience, or resources to do it in-house). Not the people who work directly under government agencies developing these things for State-level intelligence/ops.
You, sadly, internalized a state humanity adopted after WWII, where the anti-red propaganda told everyone that if you could illegally burn a forest down to then buy a Ferrari, it was the best course of action, because if you didn't do it, someone else would.
Thankfully people like you are being ostracized, albeit too slowly, and pointed out as what you really are: agentless, weak opportunists.
At the political level things don’t operate like some cartel, sort of certain places and certain rather narrow regions of the world where it may take some additional motivating to do the right thing for themselves.
Tell that to Epstein.
> I've even caught them using their exploits on me after they made me an offer
Not only for exploit companies that eat their own dog food, nor only cybersecurity jobs, but I've heard of this happening to people interviewing for other tech areas considered strategic.
The noticed ones weren't that subtle, and were presumably noticed because the attacker wasn't using the best methods, but maybe more routine SOP for lower-value targets.
I have no idea what the actors and motivations actually were. Speculation:
* the hiring company or its country, vetting the candidate by spying on them, including for corporate/national counterintelligence reasons (it's really not much different than a lot of the sneaky surveillance capitalism vetting that many companies quietly do, just unambiguously illegal in this case);
* the hiring company, spying to monitor the competitive offer situation (e.g., what counteroffers or concerns does the candidate have);
* other state, individual, and possibly corporate actors, for whom the imminent offer flagged the target as worth keeping an eye on (for, e.g., advance access to research they do individually, knowledge of attacks they do individually, possible technical entry point to the job-offering organization or others, or kompromat for getting access/actions); or
* random associated individuals acting on their own, recreationally enjoying the power over others that their cracking toys give them (which at least used to be not too uncommon, before cybersecurity was professionalized, when there were proportionally much more teens and alienated people, and they hadn't yet been told about color-coded hats for prefabricated codes of behavior from which they could choose; now, most people with skillz have the carrot of a lucrative job or respected status as researcher that they can pursue, instead of seeking power/status other ways and without guidelines).
Personally, I try not to work on strategic target areas, since I like to save my very limited guts for fighting product concepts and reliable systems into shape, not for being helplessly violated by lawless authoritarian institutions. Good luck.
This is too dangerous, it's the wild west
We live in a world full of threat-actors. We need exploits just like we need firearms and tanks and fighters and jets.
To mock the guy is just naive.
If you develop weapons, physical or digital, don’t be surprised if you end up on the receiving end.
Sure, cars are useful. But aiming to sell as many cars as possible is no more ethical than selling as many yachts as you can, especially if it involves making the living conditions worse for anyone who doesn't own a yacht, for example by bribing politicians, or destroying non-yacht-capable waterways.
Maybe not at Ford?
https://www.popsci.com/technology/tesla-lock-issue/
Firefighters recently resorted to breaking a Tesla’s window to free a 20-month-old child locked inside after one of the vehicle’s batteries died. The emergency rescue is the second of such incidents reported on this week by Arizona CBS news affiliate KPHO and reiterates the potential dangers of the EV company’s ongoing, under-addressed battery issues in extreme heat.
In July 2023, a 73-year-old man was reportedly forced to kick out a window in his Model Y after becoming trapped. A similar emergency occurred for a mother and her daughter in Illinois a few weeks later after renting a Tesla, while a California driver last month claimed she found herself stuck in her EV while waiting on an over-the-air software update that shut down her car. In the 40 minutes it took to complete the update, outside temperatures rose to 115 degrees Fahrenheit.
And yeah, if you know how, and can go through multiple steps: The only other workaround to battery issues appears to be a step-by-step solution in the owner’s manual that only opens a dead Tesla’s front hood by ostensibly hotwiring the car using external jumper cables. If this is the case, then people who find themselves locked out of their EV may need to continue relying on EMS—and their axes—until Tesla decides to address the glaring safety hazard.
1. This guy was targeted by spyware.
2. This guy was an iOS 0-day exploit developer and is involved with a bit of drama with his previous employer.
Everyone seems eager (including himself) on connecting the two, but why would the ex-employer go after him using illegal methods when they've agreed to a settlement and termination? Unless there's more to the story (which I strongly doubt) it seems to be a combined mix of legitimate but misplaced paranoia and lashing out.
Not going to lie, this subject line would fit right in with the phishing messages and 419 scams in my Spam folder.
The Apple Support app, for example, has capabilities which when triggered from the Apple side, allow screen-sharing and logging to be shared with Apple. I don’t know if this functionality relies on iMessage being enabled either, but I do know that the Apple Support app seemingly still works in Lockdown Mode.
I’d be curious if the person in TFA had their device in Lockdown Mode, which supposedly is supposed to make these kinds of exploits harder to install. If they were using Lockdown Mode, and they still got exploited, that isn’t great news for the rest of us, but the fact that Apple notified them is better than the alternative of Apple not being aware of the breach and/or Apple being aware and not notifying them for reasons.
A better mechanism would surely be a push notification to the device, or one of the alert-based notifications used for earthquakes etc
Push notification + out-of-band comms would be more ideal; time sensitivity is significantly important.
If I got a message in my iPhone saying it had been remotely disabled, I would take it to an Apple Store or authorized Apple Service Center, where they could tell me what should happen next. This would be inconvenient, to be sure, but it would be preferable to continuing to use the device.
> Two days after receiving the Apple threat notification, Gibson contacted a forensic expert with extensive experience investigating spyware attacks.
Surely as a professional "exploit developer", Gibson himself should have been about as expert at this particular niche as any human being on the planet already.
I mean, sure, absolutely he should have called in his friends in the community and gotten more eyes on the device. But the way that's written it sounds like he took it into the local Genius Bar.
It also, in context, feels a little obfuscatory. Like he's trying to flag the involvement of senior folks who he can't name.
From the inference of that logic, every developer should be able to use gdb or Windbg to ascertain where they shot themselves in the foot - but we know that this specific set of skills isn't inherently required to be a developer.
So, the same logic would be true here: Just because you can write a handful of exploits, it doesn't inherently mean that you have the tools/know-how to be able to ascertain if any or all of the available exploits in the wild (or in private, re: tools for Trenchant) have been used on your phone.
Edit: gbd != gdb
The point was at this level of expertise and size of market ("detection of iOS zero-day rootkits"), there simply isn't a pool of "experts" you can draw on to do this à la contract work. It's a tiny world and everyone is fumbling around and asking for help independently. And as a member of that tiny world, Gibson surely knew who he needed to call already.
But that's not the way the article framed the interaction, which implies to me that there's more context at work here.
Sue them!
Nobody should be doing work for these scumbags, but people will always fall for their spiels and grifts, unfortunately, out of some naive sense of “doing good” or “getting the bad guys”. It’s always just “leopards ate my face”, though.
First read: "Apple's alerts somehow exploit a developer".
nth read: "Apple's alerts tell a developer of exploits that..."
I stopped when it became a game at that level. I refuse to be a government contractor… It's about not using software like this to kill people like Jamal Khashoggi.
F the dipshits at NSO and the turds at Corellium.
Though the whole thing sounds more made up than legit.
I lol'd for a second imagining this is his actual name but the writer didn't realise it
> But the ex-Trenchant employee may not be the only exploit developer targeted with spyware ... there have been other spyware and exploit developers in the last few months