Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones

Tyler Durden's picture

The latest leaks from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers.  The full documents are expected to be released after a 10 a.m. EDT “press briefing” that WikiLeaks promoted on its Twitter.

Here is a live stream of the pending press briefing with Julian Assange:

And here is the full press release from WikiLeaks:

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.


Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.


"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.


Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.


Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.


While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
TwelveOhOne's picture

I have a feeling this is also potentially a violation of the 3rd Amendment -- we're housing "soldiers" (the spy deviecs) in our homes.  And of course the 5th, because from the spying data they can cause us to incriminate ourselves.

detached.amusement's picture

That's technically 4th, since its just information.

When they add frickin laser beams to them, however...

TwelveOhOne's picture

Yeah, I realized as I was writing it that it was a little contrived -- but, only a little.  The Bill of Rights doesn't define "soldier" as other than human, as well.

Don't need lasers -- some phones can be made to explode, so, there's that.

Lumberjack's picture

Hey, Cisco sytems are used in the SWIFT banking setup.

Is this how all those Trillions from the pentagon disappeared? I bet it us and they can take over the swift system to move a lot of money without being noticed.

sgt_doom's picture

To the National Security Establishment (or, as I prefer to more accurately label them, the Financial-Intelligence Complex) . . .




Dr. Engali's picture

You really think the Appleloonians give a crap about this,or will even pay attention to this news? All they care about is how coooooool their NSA tracking devices are.

froze25's picture

Well your screwed with Droid too, so its not as if there is really a alternative.

gunzeon's picture

Guess who's living in my Huawei ?

logicalman's picture

I choose the alternative of not having a tracking device.

Pay for one??? I wouldn't have one for free.


TheGardener's picture

Took me very long and hard to reach that state, still carry a prepaid one on special ocassions.

Could as well have killed myself and become an angel up there , no friends left to communicate at

their superficial level...

Arnold's picture

What baud rate do those collection servers run at?
My cat pichers are loading kinda slow.

Offthebeach's picture

Make sure the phone handset is firmly seated in the modem muffs.

TheGardener's picture

Could you still whistle fair enough to immitate the right modulations to beam yourself out of dodge from a telephone booth ?

In my dreams I still manage the G3 fax one and get things sent off. But even if I dream of a dream of a dream, I still find myself in the matrix.

ATM's picture

Not time to short. Time to go LONG! Janet won't let her friends little play thig tank. They will keep buying up stock and getting every "news" outlet around to do a segment on Apple's new red Ipad or purple Iphone that everyone must have!

Buy Buy Buy

Tiwin's picture

Good Luck.

My aapl 105 puts are worth 2 cents, I paid 3.45 for em....sigh

Ghost of PartysOver's picture

My gut always to me not to buy Apple products and I never have.  Looks like I was correct.  Winning?

PT's picture

They lost me when they didn't trust me with an Eject button on their disc drives.  And that was not the only problem at the time.
Then they got worse.

Shame.  They had a nice processor.

froze25's picture

What was that called? The PowerPC (processor) or something like that, it was a RISK based processor if my memory serves me?

TwelveOhOne's picture

Close, you got the sound right -- it was RISC, for reduced instruction set computing.

[Edit: Difference between those and the Intel-style is that Intel-style has variable-length instructions, i.e. "mov AX,CX" is shorter than "mov AX,[64-bit address]"; whereas in a RISC processor, all instructions are the same length.  This makes it easier to process the instructions, at the expense of increasing memory requirements (since the instructions are all "long" and there aren't any "short" ones).]

froze25's picture

Aren't ARM processors RISC processors? Seems like today with cheap memory it would be a good technology.

TwelveOhOne's picture

Yes -- in fact, the "R" in "ARM" stands for "RISC" -- initial "Acorn RISC Machines" and later "Advanced RISC Machines".

Arnold's picture

Linux, although rumored to be corrupted too, may work on Crapple products.

sleigher's picture

There were a few times they caught stuff going into the upstream kernel.  Didn't make it in.  Doesn't mean they caught them all, we only hear of the ones they did catch.


This says nothing of the different distros though...  RedHat, SUSE, Ubuntu...   Trust nothing unless you compile it yourself from a compiler you compiled yourself. 

froze25's picture

Not only compiled it yourself but actually read over the entire code prior to compiling, good luck with that endeavor.

ParkAveFlasher's picture

Why wouldn't you assume that Asian (or whomever) spy agencies do the same through Samsung, etc.?

The problem is that veiled by the complexity of modern technology is the underlying malice of men seeking power over men, men seeking power over creation.

But, data won't get them there, either.

ATM's picture

Where do you think Apple's and all the rest of them are made?

Those little electronic devices are all full of spyware from all sorts of actors and it wouldn't surprise me one bit if they are all in on it together.

Winston Churchill's picture

My last Apple purchase was back in the 80's.Floppy drives and all.

TheGardener's picture

True reactionary here , never bought or owned an i-thing, banned from all my companies back then and fully

rejected by the trifecta of a private citizen of me myself and I that to this day makes decisions in IT deployment :-)

Yet those firmware based fully installed bug routines right out of factory gate should make this always and ready paranoid old hand get a heart attack. Thanks to ZH , my favourite doomsters site, I am all prepared to to take bad news much worse than the original conspiracies should have implied with a generous yet stupid smile.

This aint no root kit, it is rooted in firmware !



MrBoompi's picture

You'd be correct if it weren't for the fact the CIA is doing the same thing on whatever computer or phone you're using.  We've known for some time they can collect everything.  Sometimes we get shocked at the methods they use though. 

sleigher's picture

"My gut always to me not to buy Apple products and I never have."

Intel CPU's have 3g built in.  On the die.  Remote access ALL the time.

Just a matter of time til we hear about Samsung (TV's already), windows phones, HTC...

Who is winning again?

I am Jobe's picture

Don't say that. At 30 , 40 years old they will need their families to support them.  They are special 

Smedley's picture

It's for the future, one of these clowns is eventually going to be a senator, company leader, etc...

They will already have years of dirt on them!!



sgt_doom's picture

Let me see if I understand you correctly, Smedley?

You believe there is going to be a future???????

Cognizant Millennial's picture

Hey man...that's not true for all of us.


Most of us, sure. Almost all of us, absolutely.


99.9%? Possibly.


But, uh, there's definitely a few who aren't worthless. Many fews! Possibly even a dozen!

New_Meat's picture

So you're saying that all of the news about millenials is ... gasp ... Fake News?

sessinpo's picture

They might eventually make great sleeper cells.

victoriamproletari's picture

Yeah we're pretty worthless. Unlike our previous generations that empowered central banks, epected corrupt politicians and squandered the most prosperous economy in modernity. Hard to have much worth when your predecessors piss all the money away. Good job on that.

Btw how many millenials voted for Slick Willy and GW?

SmittyinLA's picture

Millenials want to track millenials to sell each other's privacy, nothing left to liquidate but their privacy 

J. Peasemold Gruntfuttock's picture

How quickly it is forgotten.

Apple is not the first nor the last.

US agencies intercepting CISCO routers and switch deliveries and loading 'bogusware' in place of factory firmware and then repacking in mini factory operations complete with fresh packaging and a nice surprise for the end user.

Recall if you will the recent rejection of HUAWEI network infrastructure by governments around around the world, who were then promptly branded as 'racists' for not adopting state sanctioned 'bogusware' and embedded nastiness in the silicon to avoid detection.

Remember how long the taps on MAE West, MAE Central and MAE East have been open!

And MICROSOFT Windows 10, giving you a warm wet pocket feeling as it 'streams' 5,500 times a day.


J. Peasemold Gruntfuttock

halcyon's picture

Indeed. Apple, google, facebook, microsoft, yahoo.

They are all part of the same big data collection network for NSA/NRO/CIA and three letter agencies we don't even know of, whether these companies want or not.

You can very cheaply bribe an engineer making $100k/yr to insert a few lines of code in a RND function, in some timing call or some elliptical encryption math, that only other math-geeks would ever notice.

And because the source is closed, nobody ever notices it, except the people who paid for it and know how to access it.

If you want security, use OpenBSD, and of course, even that is no guarantee, but at least it's run, vetted and peer-source-reviewed by security-nutjobs.

On the phone front?

The old Nokia dumbphones, that can be IMEI-hacked and which are now going for several hundred dollars apop (used), as the drug lords know how effective they are in evading tracking.


J. Peasemold Gruntfuttock's picture

Yes Halcy-on, the list is long and convoluted.

My biggest concern is not so much with tampered operating systems, applications and ROMs which are relatively quickly discovered and replaced.

The harder nut to crack is finding parasites in the encapsulated silicon.

Slice 'em open good buddy, layer by layer, and you will be amazed how much undiscovered territory is out thar. And has been for decades.

As O. Newton-John so wisely espoused all those years ago "Let's get physical", as everything else is smoke and mirrors.


J. Peasemold Gruntfuttock



San Pedro's picture

That's soo good. I'm going to spread this around like Small Pox!!

aldousd's picture

It was installed in the suppliers hardware, and only assembled by apple. Apple didn't put it there.  That being said, they probably would have found it at some point, even if they didn't put it there.

biker's picture

To bad they write the history books.