The CIA has put quite a bit of effort into figuring out ways to hack Apple devices. That’s the takeaway from the latest batch of documents dumped by WikiLeaks.
The so-called “Dark Matter” documents, published Thursday, detail methods allegedly used by the CIA to infect MacBooks and some older iPhones with malware that allowed the agency to remotely spy on device owners.
As usual, WikiLeaks released a fairly alarming-sounding statement accompanying the documents. But before you freak out about the security of your own Apple products, it’s important to understand exactly what they say.
Physical access is everything
It’s important to note that, much like the earlier Vault 7 dump that detailed exploits used to “bypass” encryption used by chat apps like WhatsApp and Signal, the new methods described in the latest documents also require physical access to the device.
The documents make it completely clear that CIA operatives would need physical access to a device before they could carry out any of the exploits described.
So what was that about an iPhone?
First, the good news. The only iPhone specifically named in the documents is one that is pretty much completely dead: the iPhone 3G (running iOS 2.1, no less). Apple also confirmed Thursday the only iPhone affected was the 3G and that the vulnerability was fixed as of the release of the iPhone 3GS.
Still, the exploit detailed in a document called NightSkies, dated to 2008, involved “a beacon/loader/implant tool” that “operates in the background providing upload, download and execution capability on the device.”
The setup process was somewhat complex (again, it required physical access to the phone), but once there, it could have been used to access an astonishingly vast amount of data from a “target’s” iPhone.
The document contains instructions for downloading call logs, text messages, contacts lists, mail and maps files, browser history, YouTube video cache (YouTube was one of the only third-party apps to come pre-installed on early iPhones), voicemails, calendar data, photos and even “user-specific” keyboard data. In other words: very nearly everything you could possibly hope to get off an iPhone using the apps that came pre-installed at the time.
What about the MacBooks?
It all started with a dongle. Seriously.
A project called Sonic Screwdriver (yes, we already know the CIA is full of Doctor Who fans) detailed how a Thunderbolt-to-Ethernet adapter could be modified with a bit of malicious code designed to infect a laptop’s firmware.
Infecting the firmware allowed the code to “persist” on the device even if the hard drive was wiped or the operating system was completely re-installed. As Motherboard’s Lorenzo Franceschi-Bicchierai points out, it was actually a fairly clever move by the CIA, as a similar method was uncovered by security researchers two years later, in 2014.
According to the documents, the CIA tested this method with MacBook Pros and MacBook Airs from late 2011 to mid 2012. (In a statement, Apple said this particular exploit had been fixed in every MacBook made after 2013.)
But, again, before you go chucking your own Ethernet adapter in the garbage, remember that this only worked with adapters that had been specially modified with the malicious code to begin with.