WikiLeaks has released a new Vault 7 leak titled “Dark Matter”. The release claims to have unreleased documents that the Central Intelligence Agency has been bugging factory fresh iPhones since back in 2008. The whistle blowing site has revealed that the CIA has the ability to permanently bug iPhones even if the operating systems are replaced or deleted.
The whistle blowing site had revealed that it will conduct a press briefing at around 10 a.m. EDT. WikiLeaks promoted the release on its Twitter profile.
The Dark Matter was released today, on the 23rd of March 2017. WikiLeaks said that the release is a continuation of the Vault 7. It contains documentation for several CIA projects that infect Apple Mac computer firmware.This means that the infection persists even if the operating system is re-installed. The project was developed by the CIA’s Embedded Development Branch.
The documents have highlighted the techniques that are used by the CIA to gain persistence on Apple Mac devices. The techniques can be deployed on both iPhones and Macs, they exploit the devices by using EFI/UEFI and firmware malware.
The summary which WikiLeaks released on its website points out that the documents reveal the Sonic Screwdriver project.The Sonic Screwdriver project was a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting. That allows the attacker to boot their software for instance from a USB stick.
The process can be conducted even when a firmware password is enabled. The Sonic Screwdriver infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
The leak also reveals that “DarkSeaSkies” is an implant that persists in the EFI firmware of an Apple MacBook Air computer.
The implant consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI. All which are kernel-space and user-space implants.The release also includes documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStake” are also included in this release.
The DerStake1.4 manual that was released today dates back to 2013. The other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.The release also contains the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone.
It’s also important to note that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. This reveals that the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
The CIA assets are sometimes used to physically infect systems in the custody of a target. However, it is also possible that many CIA physical access attacks have infected the targeted organization’s supply chain.The agency can achieve that by prohibiting mail orders and other shipments that are leaving the United States.
