CIA has been bugging ‘factory fresh’ iPhones since 2008, WikiLeaks says

by WorldTribune Staff, March 24, 2017

The CIA has been monitoring new iPhones since at least 2008, according to documents obtained by WikiLeaks.

Additionally, the CIA is capable of permanently bugging iPhones even if their operating systems have been deleted or replaced, the WikiLeaks Vault 7 leak titled “Dark Matter” claims.

Included in the newly obtained documents “is the manual for the CIA’s ‘NightSkies 1.2’, a ‘beacon/loader/implant tool’ for the Apple iPhone,” WikiLeaks said.

“Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”

The documents also describe the “Sonic Screwdriver” project, which the CIA explains is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting”, allowing an attacker to boot attack software, for example from a USB stick, “even when a firmware password is enabled.” The CIA’s “Sonic Screwdriver” infector is stored in the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

WikiLeaks also reported on “DarkSeaSkies”, which is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStake” are also included in the WikiLeaks release. While the DerStake1.4 manual dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStake2.0.

“While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise,” WikiLeaks said.