As part of its “Vault 7” series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices.
Dubbed “Dark Matter,” the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA called Embedded Development Branch (EDB) – the same branch that created ‘Weeping Angel’ attack – and focused specifically on hacking Mac and iOS firmware.
CIA Infects Apple Devices With Irremovable Malware
The newly released documents revealed that CIA had also been targeting the iPhone since 2008.
The Agency has created a malware that is specially designed to infect Apple firmware in a way that the infection remains active on MacOS and iOS devices even if the operating system has been re-installed.
According to Wikileaks, the released documents also gives a clear insight into “the techniques used by the CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.“
The ‘Sonic Screwdriver’ Hacking Tool
One of the documents, which is dated November 2012, reveals details about the “Sonic Screwdriver” project, which according to the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”
The hacking method described in this documents allows access to a Mac’s firmware using an Ethernet adapter that plugged into the computer’s Thunderbolt port.
It allows hackers to deliver malware from a peripheral device – such as a USB stick or a external hard drive – “even when a firmware password is enabled” on the device.
The implanted ethernet adapter needs to be plugged into the Thunderbolt port when the computer is powered on in order for code to be executed. If the adapter is plugged it after the machine is powered on, no implant code will be executed.” document explains.
The NightSkies iPhone Implants
Another document in the latest release consists of a manual for the CIA’s “NightSkies 1.2,” which is described as a “beacon/loader/implant tool” for the Apple iPhone.
COG has the opportunity to gift a MacBook Air to a target that will be implanted with this tool. The tool will be a beacon/implant that runs in the background of a MacBook Air that provides us with command and control capabilities. The implant will beacon periodically. This beacon must be persistent in the MacBook Air, and must leave a minimal on-disc footprint.” document says.
What’s noteworthy is that the first version of this iPhone hacking tool is operational since 2007, which has expressly been designed to infect “factory fresh” iPhones in the supply chain, WikiLeaks stated in a press release.
While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise,” says WikiLeaks.
CIA’s Dark Matter leak is the second batch of Vault 7 released by WikiLeaks, after the whistleblower organization released the first part of an unprecedentedly large archive of CIA-related classified documents on March 7.
Previously published Vault 7 leak outlined a broad range of security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, which millions of people around the world rely on, to intercept communications and spy on its targets.
Expect to see more revelations about the government and Intelligence agencies from the WikiLeaks in coming days as part of its Year Zero series.