CIA Has Been Infecting iPhones Since 2008 – New “Dark Matter” Documents Reveal

Rafia Shaikh

WikiLeaks continues to release "Vault 7" documents detailing the Central Intelligence Agency's security programs. In today's release, called "Dark Matter," the organization has focused on iPhone and Mac-related vulnerabilities. As we have repeatedly noted, despite the media hyperbole, none of these are actually "eye-opening," nor do they even work. However, these documents do give us an insight into the extensive surveillance programs that are being run by the CIA, targeting every product and operating system.

WikiLeaks Vault 7 now focuses on Mac and iPhone exploits

Only a few weeks after "Year Zero" was released, WikiLeaks has released another batch of documents, focusing on iOS and macOS. With Apple adamant about having all of the security flaws fixed, nothing in today's dump poses a security risk; however, it does share some interesting information. Today's leak, for example, reveals that the CIA has been targeting the iPhone since 2008, only a year after it was released.


The document details one of the CIA's implants, called NightSkies. A manual noted that the NightSkies malware was working on an iPhone 3G running iOS 2.1. The agency wrote in a document that the CIA had full control over an infected device.

"The tool operates in the background providing upload, download and execution capability on the device. NS is installed via physical access to the device and will wait for user activity before beaconing. When user activity is detected, NS will attempt to beacon to a preconfigured LP [listening post] to retrieve tasking, execute the instructions, and reply with the responses in one session."

Today's "documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," the whistleblowing organization noted in the press release.

Another piece of malware, created by the CIA's Embedded Development Branch and focused on the Mac, is called the "Sonic Screwdriver." Sonic Screwdriver could be easily launched from a USB stick, or even an Apple Thunderbolt-to-Ethernet adapter with modified firmware, to infect the target device. WikiLeaks said SS allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up.

The vulnerabilities released today all require physical access to the target machine. Like most of the documents released by WikiLeaks, these are decade-old exploits that no longer exist. However, the new data dump does raise the question of whether WikiLeaks could get access to more recent vulnerabilities and, if so, when those would be disclosed.
