
New Vault 7 leaks show CIA can install persistent malware on OS X and iOS devices


vissha


 

A new trove of documents belonging to WikiLeaks’ Vault 7 leaks, dubbed “Dark Matter”, reveals that Apple devices including Macs and iPhones have been compromised by the CIA. They are affected by firmware malware, meaning that even a re-installation of the operating system will not fix the device.

 

The CIA’s Embedded Development Branch (EDB) has created several tools for exploiting Apple devices. These include:

  • Sonic Screwdriver – allows an attacker to boot its malware from peripheral devices such as a USB stick.
  • DarkSeaSkies – is an “implant” that persists in the EFI firmware of MacBook Air computers. It consists of “DarkMatter”, “SeaPea” and “NightSkies” which affect EFI, kernel-space, and user-space respectively.
  • Triton – macOS malware.
  • Dark Mallet – Triton infector.
  • DerStarke – EFI-persistent version of Triton.

The documents show that DerStarke was at version 1.4 as of 2013, but other documents show that as of 2016, the CIA was working on DerStarke 2.0. According to WikiLeaks, NightSkies can infect Apple iPhones; the organisation said what’s noteworthy is that NightSkies has been able to infect iPhones since 2008. The CIA documents say NightSkies is a “beacon/loader/implant tool”. It is “expressly designed” to be physically installed onto factory fresh iPhones, meaning the CIA has been intercepting the iPhone supply chain of its targets since at least 2008.

 

"Dark Matter" is just the latest release of documents from the wider Vault 7 leaks; more CIA documents are expected in the future.

 

Main Source: Wikileaks

 


The CIA still won't talk about it; they still have not said anything about it since they first posted the leaks. I find it funny that last summer everyone was worried about the FBI hacking an iPhone, and the CIA had been targeting the iPhone since 2008. Can we say a day late and a dollar short? Once hacks get exposed, they just tell the vendors, they get patched, and they use ones no one knows about yet. The CIA knew the hacks were leaked out in 2016. I don't see where they posted any valuable info yet. Most likely a post will come out soon by Apple saying almost all of the known backdoors were patched already.

 

I guess everyone thought I was a crackpot when I told them they were already doing this kind of stuff. The motive behind the FBI bringing it to court didn't have anything to do with them hacking an iPhone; the motive was to introduce legal backdoors by vendors. The FBI has been backdooring and monitoring software ever since the public internet, but it has been really bad ever since 9-11. It may not have caused legal backdoors by vendors, but they made it legal for the FBI to hack anyone in the world; it expanded their powers because of the TOR exploit and ones we don't even know about yet. But the CIA has always had the authority to hack anywhere outside of the USA. We already know they have been doing this.

 

When Bush took out Saddam Hussein, the CIA was in charge over there in Iraq. They not only hack; they kill and torture people and take out whole governments. They're assassins with a badge. They shipped in cocaine to the USA for money to provide the Contras with weapons when Reagan was in office, and the first Bush pardoned them. You mess with them, you could end up dead, and they won't even be the ones who did it; they could hire someone.

 

See, back when 9-11 happened, right after, encryption was new to the internet and hardly anyone used it but a few, and they didn't need to hack encryption, and they made many arrests because everything was said in the open in IM, emails, etc. All they needed was permission from vendors to monitor everyone, and this is what we now know as PRISM.



Quote

 

No. That's not what the document says. The CIA has NOT been infecting iPhones in the supply chain.

 

To be clear, if the documents had said that, it would be massive news, and would call for an immediate inquiry. They don't say that though.

I can see how people come to that conclusion. Most people don't think of firmware outside of the supply chain. (You should!)

The use of a USB-to-Ethernet dongle that could be left with the machine suggests it was used on SINGLE targets, not in some massive campaign

Suggesting that this was a supply chain hack is dangerous and wrong. Don't fall for the WikiLeaks propaganda.

Generally, expect to see cool techniques for targeting individuals or groups in these dumps. Bulk "supply chain" stuff is just out of scope.

 

 

 

By Jonathan Nichols

https://twitter.com/wvualphasoldier/status/844945883405963264

This hack is some 90s technology or something like James Bond 007 crap where they sneak in somewhere and implant malware through USB in your device. You have to have access to the phone or Mac. This means the CIA went in your office or home. Thing is, this is the least of your worries. You should be worried about 2017 and Google saving everything anyone does on every service they have and every site that is using them, and the US government won the lower court case that Google had to hand stuff over, which they appealed :P



Published 9:22 am EDT, March 23, 2017. Updated 1:07 pm EDT, March 23, 2017. By S.J. Prince

 

A new WikiLeaks Vault 7 leak titled “Dark Matter” claims, with unreleased documents, that the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008. WikiLeaks further claims that the CIA has the capability to permanently bug iPhones, even if their operating systems are deleted or replaced.

 

The documents are expected to be released in the next 24 hours. The announcement was made after a “press briefing” that WikiLeaks promoted on its Twitter.

Watch a playback of the Assange-led livestream here.
 

A summary of the documents has been released on the WikiLeaks website. It reads:

Dark Matter

23 March, 2017

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

 

Source:  http://heavy.com/news/2017/03/wikileaks-vault-7-leak-cia-bugs-iphones-factory-fresh-darkmatter-darkseaskies/



Apple has stated that they had patched these vulnerabilities years ago. So these tools may have been in the archives but were not being used anymore on currently used iOS/OS X versions. I don't believe that the tools that were stolen are relevant to today's operating systems because live tools are not maintained in an internet-connected server and thus cannot be stolen. More than likely the stolen 'data' came from a honeypot and represents old tools, misinformation, and outright lies and fiction. The art of misinformation is so prevalent on the internet because everyone wants to believe everything that is posted, whether an original article, a 'leaked' article, or a 'stolen' article. Wake up and smell the bullshit.



1 hour ago, straycat19 said:

 Wake up and smell the bullshit.

That's called freedom of the press. Former president Bush said the media is 'indispensable to democracy', and I saw him say it on the Today Show. Seeing someone say something can't be disputed unless you can prove someone is lying, and still that won't do any good unless you take them to court.

http://www.usatoday.com/story/news/politics/onpolitics/2017/02/27/george-w-bush-today-show-interview/98477882/

Trump thinks Obama wiretapped him, but all the mainstream media outlets think he's a nutbag, so he will have to prove it. When the USA president acts like a conspiracy theorist and liked reading WikiLeaks till they made him stop, and you think you telling the few people who visit here will do any good? If you know it to be overblown, just expose it for what it is and move on; maybe you will be debated if they think you're wrong, maybe not. But don't come on here shouting out orders to us telling us what to do; you're not a mod here.
