The CIA spies Apple devices since 2008
WikiLeaks has published a new series of documents part of the Vault 7 publication on CIA’s hacking tools classified documents. Under “Dark Matter” title, the activist organization has leaked manuals revealing the development of projects by the US intelligence agency to hack Apple devices.
One such manual revealed is dated from 2012 and named “Sonic Screwdriver”. It involves running malware stored on Mac peripherals, such as adapters, USB sticks or external hard drives. Which once connected to the computer when it boots, infects the device at a Firmware level, no matter if a firmware password is enabled. This means that the malware is permanently stored in the kernel and is impossible to remove, even if the entire device is formatted. Allowing the CIA to access all internal information stored on the computer forever.
The document details the ease in how malware runs on computers through an infected Apple Thunderbolt-to-Ethernet adapter.
There are more espionage initiatives revealed. Such as the “NightSkies 1.2” program, reached by 2008. A “beacon/loader/implant tool” designed to be physically installed in an iPhone 3G 3.1. The CIA wrote that the implant was giving the agency complete control over an infected device. Informing on the location, uploading and downloading files and executing commands remotely. According to WikiLeaks, it is likely that CIA has sneaked into the supply chain for iPhones. Intercepting Apple’s mobile shipments to have physical access to them, infecting them with malware and putting them out as if nothing had happened.
Other Mac OSX malware developments are the “Triton” and “DerStarke”. Aimed at spy files and folders from a computer. WikiLeaks assures that other documents have shown that as of 2016 the CIA is keeping updating these systems. Something to be concerned about.
In response to the leaked documents, Apple has stated to TechCrunch that the documents are old and that the described vulnerabilities were resolved a long time ago. Problem solved. Who can make sure that no new holes have been found in the Apple devices code? Seeing the morally debatable modus operandi of the CIA, who can assure that our gleaming Macbook, iPhone or iPad is not contaminated?
But not only Apple…
This second take of Vault 7 is preceded by the biggest leak of CIA classified documents until now. 8,761 documents and files from a high-security network from the CIA’s Cyber Intelligence Center in Langley, Virginia. Which came to WikiLeaks after being circulated between hackers of the US government and non-authorized third parties. The documents contain several hundred million lines of code created by the EDG (Engineering Development Group), a kind of CIA hacking division. An entire hacking arsenal that includes malware, viruses, trojans, “zero-day” exploits, remotely controlled malware and associated documentation.
Documents show how the CIA, in cooperation with the UK intelligence agency, MI5, hacked Samsung’s F8000 Smart TVs. The malware named “Weeping Angel” makes TVs act as microphones and record conversations, even though televisions were turned off.
It was also leaked how they attack smartphones to have access to information about geolocation, audios or text communications and activate cameras and microphones. In addition to being able to bypass encrypting of applications such as WhatsApp, Telegram, Signal or Weibo.
Computers with Windows, Mac, Linux and even routers were among the targets to be controlled by CIA malware.
Leaks also show plans to carry out an attack on the most modern vehicle driving systems, the aim of which remains unclear.
Google and Apple reacted by ensuring that much of the leaked issues had already been fixed in the latest OS updates and would continue to work to identify and fix the remaining vulnerabilities. Microsoft and Samsung preferred to be more cautious and state that data would be analyzed urgently. Linux was confident that the vulnerabilities leaked were solved quickly.
Although the CIA has not recognized the authenticity of the documents, nor is it expected to do so. Experts suggest that these can be genuine and the reaction of affected companies that did not deny the leaked vulnerabilities, supports it.
What does this mean for you?
As we have seen, Orwell’s 1984 is a reality. It is more than likely that the CIA is spying on people through smartphones, computers, TVs, and even automobiles. Not only by accessing information stored on the devices but by turning them into microphones and activating the cameras when they think it is opportune. Having access to our most private moments. Leaving not only any ethical or moral code but also legal. WikiLeaks confirms an open secret, and upcoming publications will surely reveal even more alarming, scandalous and concerning information.
We may think, erroneously, that all this espionage or mass surveillance is not with us. We are not people of interest to be potential victims of CIA or any other government agency. We are not a target of the big brother. We have nothing to hide. We are not political leaders, activists or journalists. We may think that this problem does not directly affect us. But it’s not like that. It is not only that governments may violate our privacy, which is already serious. The big concern is also that these digital devices vulnerabilities are not reported, being at the mercy of cyber-crime. Even the CIA itself has suffered from hacking.
That is why protect our privacy and enhance our digital security must be a priority. We must use all the tools we have available to protect and secure our data, files, and communications. In our guide, you can find quick and easy actions to start planting a digital security flag today. You can also consult our site about data security: Flag6.io, our Virtual Private Networks comparison tool to choose your best option to secure your data and confidential information private. If you have any questions about it, do not hesitate to write us.