WikiLeaks has released ‘Dark Matter’, the latest batch of documents in its Vault 7 series, detailing the hacking techniques allegedly used by the CIA on Apple devices.
One of the most concerning of these is ‘NightSkies’, a tool dating back to 2008.
WikiLeaks says it was “expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”
Whether agents gained access to Apple’s supply chain in order to carry this out is unclear, but WikiLeaks mentions it as a possibility.
“While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise,” it wrote in a press release.
WikiLeaks also says that NightSkies allowed the CIA to gain “full remote command and control” of iPhones and access files, such as text messages, call logs and contacts.
Also detailed in the new leak is ‘Sonic Screwdriver’ – named after Doctor Who’s trademark tool – described by the CIA as a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting”
The document, which dates back to 2012, describes how agents could infect a Mac with malware using a Thunderbolt-to-Ethernet adapter.
A 2009 file called ‘DarkSeaSkies’, meanwhile, details a hacking technique for the MacBook Air, and WikiLeaks says that the CIA could still be relying on ‘DerStarke’, a firmware attack dating back to 2013.
In the aftermath of the original Vault 7 document release, Apple released a statement saying that it had already addressed the majority of vulnerabilities allegedly exploited by the CIA.
“Apple is deeply committed to safeguarding our customers’ privacy and security,” a spokesperson said. “The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way.
“Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.”
0 comments: