Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones

Tyler Durden

The latest Vault 7 leak from WikiLeaks is titled "Dark Matter" and claims that the CIA has been bugging "factory fresh" iPhones since at least 2008 through suppliers. The full documents are expected to be released after a 10 a.m. EDT "press briefing" that WikiLeaks promoted on its Twitter.


And here is the full press release from WikiLeaks:

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by the CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones, and demonstrate their use of EFI/UEFI and firmware malware.


Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.


"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.


Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.


Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.


While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization's supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Ghost of PartysOver

Remember FBI Comey's dog and pony show about not being able to unlock that iPhone from the San Bernardino terrorist. Then there was speculation the FBI got an Israeli company to do it. Looks all BS to me. He probably just drove it over to the NSA/CIA/DIA..... for a little unlocking party.

The Effing Deep State is out of control.

Chupacabra-322

Jobs never wanted to hand over the backdoor keys over to the Pure Evil Criminal Psychopaths at the CIA. Instead, the CIA handed Steve the Cancer.

Very "Plausible."

Jubal Early

He died in 2011 of a fast acting cancer.  The hacks have been there since 2008.

WillyGroper

whata did Frank Church & that was decades ago.

prolly nuthin.

Abbie Normal

Actually, he supposedly died of pancreatic cancer after a five-year battle. Most patients only last six months after the diagnosis, and they don't slowly waste away like an AIDS patient does; like Jobs did. Maybe the red iPhone is his memorial....

ReZn8r

The FBI lies more than the CIA and NSA combined. There is only one thing that will change our country, a complete and thorough purge/elimination of the evil ones.

HenryKissingerChurchill

The FBI lies more than the CIA and NSA combined. There is only one thing that will change our country, a complete and thorough purge/elimination of the evil ones.

that is so anti-semite! <Unit 8200>

2ndamendment

Can someone please hire a Ukrainian gunman to take care of this?

Arnold

Forensic specialists examined the body last night at the Naval Hospital in Norfolk, Virginia, concluding that the cause of death for Mr. Foster should be changed from suicide to homicide.

Dirty website, but Our Vince will be happy to know this.

TwelveOhOne

Upon further searching I see articles from WMD from last year, and others from even earlier. Not sure what is new here, and for the article to say "last week" seems a little suspicious rather than giving the exact date the autopsy was performed, etc.

Herd Redirection Committee

Mike Rivero (whatreallyhappened) says it's fake and that a bunch of people tried to 'feed' it to him, to get him to bite on it.

He says they had the wrong cemetery listed, for starters.

But no question the investigation should be re-opened!

Justin Case

It's for our own safety.

CrimsonAvenger

So the San Bernardino terrorists - when Apple refused to de-encrypt their phones - I guess that was all for show, all bullshit. Typical.

MsCreant

That really does need to be put together as its own story. Show dates for everything, track capabilities, publish. Oh wait, you need real news outlets to do that. Nevermind...

J Jason Djfmam

Next up - "I Am The Shit 1.4"

Herd Redirection Committee

Real news... Yeah... Rothschilds bought Reuters in the late 19th century already.

Hearst, hell he was your typical 21st century warmongering robber baron media mogul, more than 100 years ago.

Operation Mockingbird, CIA 'infiltration' of the media since the (start) end of WWII.

nati

It's all a show, my friend. The "terrorists" included.

Snot Boogie

I think it was more about creating a pretext to try to get laws about encryption and/or legal government backdoors passed. You just gotta, you know, catapult the propaganda.

swmnguy

Yes, you are correct.  The feds already had all the info they wanted.  They just couldn't take it into court.  So that whole tempest in a teapot was about legalizing illegal hacking and creating precedents so they could bring their surveillance out into the open.

It never had anything to do with not being able to get into the phones.  The story about the Israeli company hacking in where supposedly nobody in the US spy system could was a nice touch, I have to admit.

Chupacabra-322

@ Crimson,

Yes, that's the Pure Evil Criminal Psychopaths at the CIA "Cover Story." The reality is Vault 7 was already fully operational.

Lawlessness. Open, in your face Criminality with Impunity.

PT

The internet was never anonymous.  Your first clue was when the net first went mainstream and MSM assured you that the internet was anonymous.
"Really?", I asked, "Then how do they know where to send the phone bill?  How do they know how many megabytes I downloaded?"

Now, my technical skills are not perfect.  PERHAPS on day one I was just exercising a healthy dose of paranoia based on my limited knowledge.  After all, even if the net was anonymous, how would you know when it changed to no-longer-anonymous?  Technicians are free to tell me I am wrong and show us why.  I like to learn.  But the greatest concession I will give is that internet-snooping went from "not-too-hard" to "really-easy".

agstacks

Does anyone know if there are any custom versions of Android/iOS out there specially created to patch these holes?

MsCreant

Patch? You mean like with spackle and a putty knife? ~Hillary

TheMeatTrapper

You'd need a soldering iron and your own chips to patch these holes. Ain't no patch for this.

Misean

They are NOT operating system flaws. All computing devices have a set of initial instructions that provide hooks to the operating system to boot. The reason we "boot" computers is that this initial operating firmware allows a computer to "pull itself up by its own bootstraps." Literally where the term "booting" came from.

These malwares are part of THAT system, the booting or initialization software. It has nothing to do with the O.S. The only real way to fix it would be to pull the ROM (Read Only Memory) chip that stores this software, flash a new ROM with clean code and install the new ROM. Reflashing the old ROM might work, but, since flashing software has to communicate with the infected ROM the infected ROM could tell the flashing software that a job was complete even if it weren't.
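The press release's firmware persistence and Misean's point that a reflash reported by the infected part cannot be trusted both come down to the same defender's check: compare an independently obtained firmware dump against a known-good reference, region by region, and ignore the device's own status word. The following is an added example, not code from the article, the comments or the leaked documents; the image layout, region names, seed and FlashDevice class are constructed stand-ins.

```python
import hashlib

# Constructed layout for a 4 KiB stand-in firmware image: name -> (offset, length).
# The NVRAM region holds variables that change legitimately and is not compared.
IMAGE_SIZE = 4096
REGIONS = {"BootBlock": (0, 1024), "DXE": (1024, 2048), "NVRAM": (3072, 1024)}
MUTABLE = {"NVRAM"}

def build_image(seed: bytes) -> bytes:
    """Deterministically build a constructed image standing in for a vendor-supplied dump."""
    out = b""
    while len(out) < IMAGE_SIZE:
        out += hashlib.sha256(seed + len(out).to_bytes(4, "big")).digest()
    return out[:IMAGE_SIZE]

KNOWN_GOOD = build_image(b"constructed-vendor-reference")

def manifest(image: bytes) -> dict:
    """SHA-256 of every immutable region of a known-good image."""
    return {name: hashlib.sha256(image[off:off + ln]).hexdigest()
            for name, (off, ln) in REGIONS.items() if name not in MUTABLE}

def verify_dump(dump: bytes, ref: dict) -> list:
    """Names of immutable regions in a dump that differ from the reference manifest."""
    if len(dump) != IMAGE_SIZE:
        return ["<size mismatch>"]
    return [name for name, (off, ln) in REGIONS.items()
            if name not in MUTABLE
            and hashlib.sha256(dump[off:off + ln]).hexdigest() != ref[name]]

class FlashDevice:
    """Toy flash part; with lies=True its status says 'done' although nothing was written."""
    def __init__(self, contents: bytes, lies: bool = False):
        self.contents = bytearray(contents)
        self.lies = lies

    def write(self, image: bytes) -> bool:
        if not self.lies:
            self.contents[:] = image
        return True  # status word reports success either way

    def read(self) -> bytes:
        return bytes(self.contents)

def reflash_and_verify(dev: FlashDevice, image: bytes, ref: dict) -> bool:
    """Ignore the write status; only a read-back that matches the reference counts as success.
    For a suspect part the read-back must come from an external programmer, not the part itself."""
    dev.write(image)
    return verify_dump(dev.read(), ref) == []
```

A clean dump yields an empty mismatch list; a dump altered anywhere in BootBlock or DXE names the region, while changes confined to NVRAM are ignored.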

Jubal Early

The release says: "by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware"

UEFI was ostensibly added to Windows computers in about 2010 precisely to prevent these boot loader viruses, what a (((sick joke))). I know because I have installed Linux on a few of these UEFI boot machines and it's always a pain to get them to boot Linux. That likely is also not a coincidence.

Misean

Linux...heh...try FreeBSD.

Winston Churchill

Indeed, the malware is in the BIOS, that's why reinstalling the OS has no effect at all.

Every time you reboot it reinfects the OS.

It's no surprise to me, been saying it here on ZH for years.

LawsofPhysics

anyone who has been working with computers since the 80's knows this...

There are advantages to knowing how something really works...

...something that seems to be lost on today's youth.

TheGardener

Today's youth is not at fault. They have a keen interest in knowing how this fully fucked up world we are representing them (including me and you because we seem to have done nothing enough to change it for them) really works and for good.

Computers have been artificially held up at taboo level when basic programming skills should have been taught at grade level 15 years ago.

We intentionally held those youngsters not only stupid but as stupid as it gets.

All day all people are onto some device they don't bother the least how it works.

I dare you old timer to come out and explain it to the kids. At least the very young would get it, unlike the aging folks hooked up to user applications that have nothing to do with computer work.

GreatUncle

UEFI was the formalised hack structure ... lol.

You all fell for it to be a secure boot, secure boot for the CIA not anybody else.

Winston Churchill

Long before that.

I was told about it back in the 80's by an alcoholic Welsh programmer.

He did contract work for GCHQ and the NSA. Two pints of hard cider and he let slip all sorts of things.

He had a five line program that could defeat any password protection.

That was then, just think what they can do now.

HenryKissingerChurchill

Does anyone know if there are any custom versions of Android/iOS out there specially created to patch these holes?

yes, it was called Blackberry.

MaxThrust

Someone needs to set up an online website where an owner of an Apple product can connect their device and have it scanned for the code / malware. This is a very good business opportunity for the savvy coder.

MsCreant

The things the CIA names this shit speak volumes. These are some power hungry, and proud of it, narcissists.

Misean

Hmmmm...never thought of Dr. Who that way. Kinda geeky but not power hungry (Sonic Screwdriver is The Doctor's swiss army knife).

GreatUncle

Right lines ... so would a Brit or a Yank dream up a sonic screwdriver?

And at what age would the individual be?

What's the betting it was a GCHQ device and the name subliminally carried over?

Odds on, because they have even less rules on spying than the CIA, and that would also mean that the CIA was not responsible for creating spy products for a predominantly American market.

If not and they did it themselves, then your American privacy constitution by one of your own just went out the window.

Misean

Aye, and I have spent time on both sides of the pond and am a geek. Although the BBC reboot of Dr. Who was quite popular over here, I'd reckon an American geek would go more Star Trek/Wars or Matrix rather than Who. So, yes, odds on that it was GCHQ.

MsCreant

Used to watch Dr. Who years ago, have not seen the new ones, I did not place the terms.

Give me this, Dr. Who, while a great guy, was arrogant as all get out, at minimum. Even a tiny bit narcissistic. But not CIA narcissistic tho.

Chupacabra-322

@ MsCreant,

A Psychopathic trait is one of being Narcissistic.

artvandalai

What about my Android phone??? I want one!!! Is this an app I can download?

thecondor

If I give up my istuff, how do I get ZH?