WikiLeaks dropped a huge bombshell over two weeks ago when it revealed that it gained access to a treasure trove of the Central Intelligence Agency’s (CIA’s) hacking tools. Documents detailed numerous tools at the agency’s disposal including viruses, trojans, zero-day exploits and other avenues to monitor or infiltrate devices ranging from iPhones to Smart TVs to computers running Windows or Mac operating systems.
In the case of Apple devices, the CIA has its own dedicated team within the Mobile Device Branch (MDB) that specializes in exploiting iOS-based devices like the iPhone and the iPad. “The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites,” said WikiLeaks when it initially revealed its “Vault 7” leak to the world.
On Thursday, WikiLeaks doubled down on its detailing of Apple-related exploits with its Vault 7 “Dark Matter” document dump. These exploits have some rather nefarious-sounding names like “Sonic Screwdriver” and “DarkSeaSkies”. Sonic Screwdriver allows an attacker to gain access to and execute code on a target Mac using a modified Thunderbolt-to-Ethernet dongle “even when a firmware password is enabled”.
WikiLeaks also detailed DarkSeaSkies, which embeds itself into the EFI of older MacBook Air devices and “Triton” malware, which specifically targets OS X. There’s also an infector called “DerStarke” that persists in EFI. “While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0,” writes WikiLeaks.
One of the exploits targeted the 2008-era iPhone 3G
Yet another exploit, “NightSkies v1.2”, specifically targeted the rather decrepit iPhone 3G running iOS 2.1. This exploit was capable of accessing not only text messages, but all contents of your address book. However, this hack required the CIA to have physical access to the iPhone so that employees could install custom IPSW firmware.
While these exploits all sound like bad news for iPhone and Mac users, Apple is throwing a few hundred gallons of cold water on WikiLeaks’ latest reveal. According to the Cupertino-based company, all of these exploits have already been addressed in a steady stream of security updates that it pushed out to its customers. Apple provided the following statement to TechCrunch:
We have preliminarily assessed the WikiLeaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with WikiLeaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.
WikiLeaks, for its part, is not all that impressed with Apple’s response:
Apple's claim that it has "fixed" all "vulnerabilities" described in DARKMATTER is duplicitous. EFI is a systemic problem, not a zero-day. — WikiLeaks (@wikileaks) March 24, 2017
So, what should we all take away from the latest WikiLeaks announcement and Apple’s follow-up confirmation that these exploits have been nullified? Keep all of your devices up-to-date with the latest security patches and OS updates. Apple regularly provides updates for both its macOS and iOS platforms, so there’s really no reason to fall behind the curve. However, if your device falls into the wrong hands, all bets are off when it comes to keeping your data safe. Where there’s a will, there’s a way to physically crack nearly any device as the FBI was finally able to do with the “San Bernardino” iPhone 5c.