Wikileaks has released another set of data from its Vault 7 document cache, this time detailing how the CIA infects macOS firmware and 'factory fresh' iPhones.
The 'Dark Matter' documentation uncovers the so-called 'Sonic Screwdriver' project, created and spearheaded by the CIA's Embedded Development Branch, which - as explained by the CIA themselves - is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting".
This means that an attacker could install malicious software via a USB stick, for example, even if a firmware password is required, and that the read-only memory of a device can be modified. The CIA's infector makes use of a modified Apple Thunderbolt-to-Ethernet adapter.
Wikileaks' documents reveal that the CIA is also making use of 'DarkSeaSkies', which is described as "an implant that persists in the EFI firmware of an Apple MacBook Air computer", along with "'Triton' macOS malware, its infector 'Dark Mallet' and its EFI-persistent version 'DerStake'."
We already knew that iPhones are another target of the CIA, but 'Dark Matter' reveals a 'beacon/loader/implanter tool' called 'NightSkies 1.2' that has reportedly been designed to be physically installed onto factory fresh iPhones.
Wikileaks adds that NightSkies had reached version 1.2 by 2008, noting that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008".
Wikileaks concludes: "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organisation's supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."
"The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way," an Apple spokesperson told the BBC.
"Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 per cent of users running the latest version of our operating system.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.
"We always urge customers to download the latest iOS to make sure they have the most recent security update."