The Wikileaks Vault 7 dump will make for a long time the headlines, the organization has just released another lot of classified documents related the hacking tools and techniques and exploit codes used by the CIA cyber spies to hack Apple MacBook and iOS devices.
Wikileaks dubbed this batch of information as ‘Dark Matter,’ it includes five documents on Mac and iPhone hacks developed by the CIA.
This is the second bash of Vault 7 released by WikiLeaks after the whistleblower organization released the first one on March 7.
The hacking tools and techniques were devised by CIA unit, called Embedded Development Branch (EDB).
“Today, March 23rd 2017, WikiLeaks releases Vault 7 ‘Dark Matter’, which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.” reads the Dark Matter description provided by Wikileaks.
The CIA experts have found a way to infect Apple firmware to gain persistence, in this way the attackers were able to maintain the infection on Mac OS and iOS devices even if the operating system has been re-installed.
According to WikiLeaks, one of the most interesting documents is related to the “Sonic Screwdriver” project, which is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting”allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”.
The technique allows a local attacker to boot its hacking tool using a peripheral device (i.e. USB stick, screwdriver),“even when a firmware password is enabled” on the device. This implied that the Sonic Screwdriver allows attackers to modify the read-only memory of a device, the documents revealed that malware is stored in the Apple Thunderbolt-to-Ethernet adapter.
Digging in the Dark Matter dump we can find the NightSkies 1.2 hacking tool, which is described as a “beacon/loader/implant tool” for the Apple iPhone.
“Also included in this release is the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.” continues Wikileaks.
This hacking tool has expressly been designed by the CIA hackers to infect “factory fresh” iPhones, likely during transport. The existence of the tool suggests that the Central Intelligence Agency has been targeting the iPhone supply chain since at least 2008.
“While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise,” says WikiLeaks.
“DarkSeaSkies” is another implant described in the Dark Matter repository. It is described as “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.
Wikileaks plans to release more interesting information about the CIA cyber capabilities and hacking techniques.
Stay Tuned …
[adrotate banner=”9″]
(Security Affairs – Dark Matter, CIA)
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.