Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits
WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infect iMac and MacBook devices. Today's "Dark Matter" installation of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices. In a response the same day that Year Zero came out, Apple said that many of the vulnerabilities in the leak were already patched.
Now, WikiLeaks is shedding light on Mac-related vulnerabilities and exploits, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up.
According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infecting, or somehow crippling a Mac device.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Now, WikiLeaks is shedding light on Mac-related vulnerabilities and exploits, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up.
According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infecting, or somehow crippling a Mac device.
"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.Dark Matter isn't exclusively Mac focused, however, and includes a few new iPhone exploits in the round-up as well. One is called "NightSkies 1.2" and is described as a "beacon/loader/implant tool" for the iPhone that is designed to be physically installed on an iPhone directly within its manufacturing facility. This conspiracy-leaning exploit is said to date back to 2008 -- one year after the first iPhone debuted -- and suggests, according to WikiLeaks, that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008."
Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.
While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.The full list of the new Dark Matter documents can be found on WikiLeaks, and we're likely to see more Apple-related WikiLeaks as the Vault 7 series continues. As it was with Year Zero, it'll still take some time for security analysts and experts to determine the full impact of today's leaks.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tag: WikiLeaks
[ 97 comments ]
Top Rated Comments
(View all)
33 months ago
Probably the most harmful thing Apple has done is try to con their customers into thinking their gadgets are secure.
I think it is a little different when you are talking about this situation, considering you need physical access to the device.
Also, I don't ever remember Apple saying that Macs were 100% secure for any attack. They did say that iPads don't get PC viruses though, which is true. Just like I don't get PC viruses.
33 months ago
Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices. The part that bothers me is how far they go to do it to the average person.
33 months ago
What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.
When, not if.
33 months ago
Hope they bring a dongle to install the malware!
Don't you get it?? The dongle IS the malware.
/s
33 months ago
So, it sounds like code could only be done with having physical access to the device itself.
Interesting spy stuff.
Yes. Physical security is #1. Without it, you're compromised.
I will post a good security guide I found:
https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md
33 months ago
Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices. The part that bothers me is how far they go to do it to the average person.
What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.
33 months ago
Well there you go folks. These are all spying devices. Probably the most harmful thing Apple has done is try to con their customers into thinking their gadgets are secure.
Might as well just blog our life story, daily correspondence and inner secrets on Facebook and be done with it.
Might as well just blog our life story, daily correspondence and inner secrets on Facebook and be done with it.
33 months ago
Wikileaks is a known foreign enemy of the US who conducts cyber warfare. Not a public service.
The constitution of America was created to protect the people from government. That is why we flourish as a society.
Wikileaks is doing the same.
33 months ago
Again, it shouldn't come as a surprise to anyone that the Central Intelligence Agency has tools to conduct espionage. It's literally their job description. This has been known for a long time. These Wikileaks revelation just state the obvious. So calm down everyone.
No, the CIA in not spying on you. These tools are used for statecraft, espionage, and terrorism threats. The CIA doesn't care about the porn you have on your Mac. Calm down.
The CIA does not spy on its own citizens en-masse either. They don't have the manpower. The NSA however is a different and separate story.
This is another rouse to get you riled up like last time. No actual tools were released. Just the knowledge that the CIA possesses the ability, which we already knew. No big deal. Calm down.
No, the CIA in not spying on you. These tools are used for statecraft, espionage, and terrorism threats. The CIA doesn't care about the porn you have on your Mac. Calm down.
The CIA does not spy on its own citizens en-masse either. They don't have the manpower. The NSA however is a different and separate story.
This is another rouse to get you riled up like last time. No actual tools were released. Just the knowledge that the CIA possesses the ability, which we already knew. No big deal. Calm down.
[ Read All Comments ]
Signify today announced a new device for its Philip Hue line of lights, debuting the Hue Play HDMI Sync Box, designed to allow Hue users to sync their lights to their home entertainment systems.
...
Apple on Tuesday argued that the European Union's order for it to pay 13 billion euros ($14.3 billion) in back taxes to Ireland "defies reality and common sense," as it kicked off its...
Apple is set to invest $1 billion in India as it gets ready to export its "Made in India" iPhones, according to a new report out today.
Times of India says Foxconn is the main...
The non-profit Wi-Fi Alliance today announced the release of the Wi-Fi 6 certification program, noting that devices with the Wi-Fi 6 Certified logo will meet the "highest standards for security...
MacRumors has partnered with Anker again this week to offer our readers a chance to save on nine accessories, including USB-C chargers, wireless chargers, Lightning cables, and portable battery...
New to Apple Watch Series 5 models is a built-in compass that allows users to see which way they are facing, complete with a new Compass app that displays heading, incline, latitude, longitude, and...
Mophie this week launched a new wireless charging stand for any Qi-enabled smartphone, including the latest iPhone 11, 11 Pro, and 11 Pro Max devices. The accessory is available on Mophie's...
Amazon is offering customers a chance to save when pre-ordering the Apple Watch Series 5, which is set to be released this Friday, September 20. The retailer's sale is focused on select models of...
