Dubbed “Dark Matter,” the documents, a new addition to WikiLeaks’ ongoing “Vault 7” dump, detail hacks developed for iPhones and MacBooks as far back as 2008.
“These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware,” a WikiLeaks press release says.
By targeting the firmware, CIA hackers can remain in control of an infected device even if the target wipes the data and re-installs the operating system.
One such tool, known as “Sonic Screwdriver,” is, according to the CIA, a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting…”
By providing a target with a compromised peripheral device such as an Apple Thunderbolt-to-Ethernet adapter, which stores “Sonic Screwdriver” in its firmware, the CIA can gain persistence “even when a firmware password is enabled” on the target computer.
A 2008 document discussing an attack on iPhones, called “NightSkies,” reveals a malicious implant that would be physically installed on a new device. One method of deploying the hack could potentially involve intercepting an iPhone before it reaches a target.
“The tool operates in the background providing upload, download and execution capability on the device,” the document states. “NS is installed via physical access to the device and will wait for user activity before beaconing.”…