Julian Assange's 'Sonic Screwdriver': Latest WikiLeaks Disclosure Says CIA Injected Spy Software Into Mac Chips

The latest follow-on release from WikiLeaks in the CIA hacking disclosures, published Thursday, highlighted the techniques the CIA used to gain persistence on Apple Inc. AAPL Mac computers and demonstrates the use of EFI/UEFI firmware malware.

The Background

For the uninitiated: on March 7, the Julian Assange-led publication released "Year Zero," the first in a series of disclosures code-named "Vault 7," which detailed sophisticated tools for breaking into smartphones, computers and smart TVs made by major technology companies.

Hacking Into The Mac

The latest release delved into the "Sonic Screwdriver" project, a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting. It lets an attacker boot attack software from a peripheral such as a USB stick even when a firmware password is enabled, because the adapter's code runs as part of the EFI boot process itself rather than as a user-selected boot device that the password would block. The leaked documents say the Sonic Screwdriver infector is stored in the modified firmware (the option ROM) of an Apple Thunderbolt-to-Ethernet adapter.
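The attack described above depends on EFI loading driver code from a peripheral's option ROM during boot. A first check a practitioner can run on a ROM image dumped from an adapter is to walk the PCI expansion ROM image chain and list which images carry EFI code, and for which machine type. The parser below is an added example, not CIA or WikiLeaks material and not Apple's code; it follows the image layout from the PCI Firmware Specification (0xAA55 signature, PCIR data structure) and the EFI_PCI_EXPANSION_ROM_HEADER from the UEFI specification. The sample ROM at the bottom is constructed in the script, and its vendor and device IDs are placeholders.

```python
"""Walk a PCI/EFI option ROM and report which images EFI would load at boot.

Added example, not code from the leaked documents. Offsets follow the PCI
Firmware Specification (ROM header, PCIR structure) and the UEFI spec's
EFI_PCI_EXPANSION_ROM_HEADER. The sample ROM is constructed test data.
"""
import struct

ROM_SIGNATURE = 0xAA55
EFI_SIGNATURE = 0x0EF1
CODE_TYPE_X86_BIOS = 0x00
CODE_TYPE_EFI = 0x03
LAST_IMAGE = 0x80                     # bit 7 of the PCIR indicator byte
MACHINE_NAMES = {0x014C: "IA32", 0x8664: "x64", 0xAA64: "AArch64"}


def parse_option_rom(blob: bytes) -> list[dict]:
    """Return one dict per image in the ROM, in order, validating signatures."""
    images = []
    off = 0
    while off + 0x1A <= len(blob):
        if struct.unpack_from("<H", blob, off)[0] != ROM_SIGNATURE:
            raise ValueError(f"bad ROM signature at {off:#x}")
        # Offset 0x18 of every image points at its PCIR data structure.
        pcir = off + struct.unpack_from("<H", blob, off + 0x18)[0]
        if blob[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"bad PCIR signature for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", blob, pcir + 0x04)
        units, code_rev, code_type, indicator = struct.unpack_from("<HHBB", blob, pcir + 0x10)
        length = units * 512              # image length is stored in 512-byte units
        if length == 0 or off + length > len(blob):
            raise ValueError(f"image at {off:#x} has invalid length {length}")
        info = {"offset": off, "length": length, "vendor": vendor, "device": device,
                "code_type": code_type, "code_revision": code_rev}
        if code_type == CODE_TYPE_EFI:
            # EFI images carry an extended header right after the 0xAA55 signature:
            # EfiSignature, EfiSubsystem, EfiMachineType, CompressionType.
            efi_sig, subsystem, machine, compression = struct.unpack_from("<IHHH", blob, off + 0x04)
            if efi_sig != EFI_SIGNATURE:
                raise ValueError(f"EFI image at {off:#x} lacks the 0x0EF1 signature")
            info.update(subsystem=subsystem,
                        machine=MACHINE_NAMES.get(machine, hex(machine)),
                        compressed=bool(compression & 1),
                        efi_image_offset=struct.unpack_from("<H", blob, off + 0x16)[0])
        images.append(info)
        if indicator & LAST_IMAGE:
            return images
        off += length
    raise ValueError("ROM ended without a last-image indicator")


def efi_images(blob: bytes) -> list[dict]:
    """The images EFI firmware would consider loading as drivers at boot."""
    return [img for img in parse_option_rom(blob) if img["code_type"] == CODE_TYPE_EFI]


def _build_image(code_type: int, units: int, last: bool, *, machine: int = 0x8664,
                 vendor: int = 0x1234, device: int = 0x5678) -> bytes:
    """Construct a minimal well-formed ROM image (test data; IDs are placeholders)."""
    img = bytearray(units * 512)
    struct.pack_into("<H", img, 0x00, ROM_SIGNATURE)
    if code_type == CODE_TYPE_EFI:
        struct.pack_into("<H", img, 0x02, units)                        # InitializationSize
        struct.pack_into("<IHHH", img, 0x04, EFI_SIGNATURE, 0x0B, machine, 0)  # 0x0B = boot service driver
        struct.pack_into("<H", img, 0x16, 0x100)                        # where the PE/COFF image would start
    else:
        img[0x02] = units                                               # legacy BIOS size byte
    pcir = 0x40
    struct.pack_into("<H", img, 0x18, pcir)
    struct.pack_into("<4sHHHHB3sHHBBH", img, pcir, b"PCIR", vendor, device, 0, 0x18, 3,
                     b"\x00\x00\x02", units, 1, code_type, LAST_IMAGE if last else 0, 0)
    return bytes(img)


# Constructed sample: a legacy x86 image followed by an x64 EFI driver image.
SAMPLE_ROM = (_build_image(CODE_TYPE_X86_BIOS, 1, last=False)
              + _build_image(CODE_TYPE_EFI, 2, last=True))


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ROM
    for img in parse_option_rom(blob):
        print(img)
```

Run it with a dumped ROM file as the argument, or with no argument to parse the constructed sample. The parser only tells you what the ROM claims to contain; it does not judge whether the EFI driver is malicious. The practical check is to compare the dumped image against a known-good hash for that adapter model, and to treat any EFI image on a network adapter that was not there before as suspect. Dumping the ROM from a Thunderbolt adapter itself requires hardware tooling that this example does not cover.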

DarkSeaSkies

The WikiLeaks release also described DarkSeaSkies, an implant that persists in the EFI firmware of an Apple MacBook Air. It consists of three components: DarkMatter, an EFI implant; SeaPea, a kernel-space implant; and NightSkies, a user-space implant.

The release also included the manual for the CIA's NightSkies 1.2, an implant for the iPhone. Version 1.2 is expressly designed to be physically installed on factory-fresh iPhones, which WikiLeaks says shows the CIA has been interdicting the iPhone supply chain of its targets since at least 2008.

DerStarke2.0

DerStarke is the EFI-persistent version of "Dark Mallet," the infector for the CIA's "Triton" MacOSX malware. The latest version documented is 1.4, dated 2013. "As of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0," the WikiLeaks release said.

Companies Receive Offer To Assist

Companies including Apple, Cisco Systems, Inc. CSCO, Alphabet Inc GOOG GOOGL, Facebook Inc FB, Microsoft Corporation MSFT and Samsung Electronics SSNLF all had products targeted by the CIA tools, the WikiLeaks disclosures said.

Despite Assange's offer to share the exact code with the affected vendors, these companies have largely held back, partly out of concern about laws governing the receipt of classified information, the New York Times reported.

Google and Microsoft merely pointed to their existing channels for reporting security vulnerabilities. Apple declined to deal with WikiLeaks directly and asked that any information be submitted through its normal process under its standard terms. The Times also quoted Apple as saying the Mac vulnerabilities described in the disclosure were fixed in all Macs launched after 2013.

Related Links:

WikiLeaks' Vault 7: What Are 'Zero Day' Vulnerabilities?

Intel, Others Respond To Vault 7 CIA WikiLeaks With New Security Tools

There Have Been Some Notable Cybersecurity Breaches In 2017 (And It's Only March)
