Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones

Tyler Durden's picture

The latest leak from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers. The full documents are expected to be released after a 10 a.m. EDT “press briefing” that WikiLeaks promoted on its Twitter.

And here is the full press release from WikiLeaks:

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2", a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Joe A's picture

Since a lot of electronics is produced in China who says the Chinese put their malware on these devices as well? The Chinese listening in on the CIA listening in on iPhones and other stuff.

Duc888's picture

Only ifags buy ifones.

Fourth Horseman's picture

Oh, that's a fact. I used to live in a "trendy area" where there was a huge nest of those "ifaggots"

I had to move out of the city, it was becoming too stupefied with little apple worshiping commies for my tolerance level.

Withdrawn Sanction's picture

It is sad to see SO many people w/their faces glued to that little screen.  Hell, people in restaurants are more engaged w/their devices than they are w/their tablemates.

My flip phone is always good for a laugh, though it's probably hacked too. My wife and kids are on me to "modernize." My answer is why would I willingly put a dog leash on myself....not so much for the tracking by nosy others, but b/c people become slaves to these devices. I've got an acquaintance who can't go more than a minute w/o checking the screen for something or other...it's just a habit for him, a very nasty habit.

me or you's picture

Never trust anything with an Intel inside.

Wipe out the HDD completely, reformat it and install Linux OS.

GeezerGeek's picture

Sorry, but in this age of the UEFI bios, firmware on hard drives, SSDs, firmware on NICs and video cards, etc., nothing is safe. For all we know, there could be malware embedded in the microcode of every microprocessor sold.

Withdrawn Sanction's picture

"Sorry, but in this age of..."

Sounds like a monster profit oppty to cater to those who incline toward privacy rather than bald exhibitionism.  Hmmm, I wonder how big THAT market is?

Misean's picture

Well sheee-it. If I have an Intel CPU what the f' diff does it make if I install Linux on it? If the malware is on a ROM (read the article carefully, note that in one case it was the BIOS for the thunderbolt port that had the malware in it). The O.S. has no way of knowing anything about these bits of software. In a very real sense the O.S. must trust these bits of firmware, or the drivers would not function. This is why this type of hacking has been done for ages. A clean HDD in a new box is ASSUMED clean, by the whole food chain. A lot of this stuff is machine code written for patented and closed source chips. Without knowing how the chip works you can't check the code on it. Not without serious expense.

JailBanksters's picture

This is why you pay taxes, to pay people in Government to spy on you, to keep you safe.

Except, I'm not sure who they are keeping you safe from. Putin perhaps.

SharkBit's picture

Getting to the point that we choose to unplug entirely from the matrix and be free or be slaves.

No wonder Obozo gave out free iPhones.

cwsuisse's picture

Buy an iPhone  = pay to being spied upon (it rhymes)

outofnowhere's picture

Is it time to take a hammer and shatter my iphone into a thousand pieces? What would be the safe alternative? Which tech-device IS safe from IC bugs?

Will instant gratification and instant communication via iphones become a fad of the past,  an addiction overcome and buried? Will I have a nervous breakdown without my iphone?

I feel PTSD might be in my future. 

quasi_verbatim's picture

You're not supposed to take a hammer to the send/save/touch screen/button. Of course if your iPhone's fighting back then PTSD is the least of your worries.

moorewasthebestbond's picture

This is a real shocker.

I'm going to throw it on the big pile of shockers and stunners I'm building out back.

MAAAHM's picture

NO WONDER IPHONES ARE SO EXPENSIVE, just doing their part to turn the world red.

with the Google gaffe, I'm sure all the government android spyware will be wiped with the next update...

AR15AU's picture

Apple users willingly bend over to these things the rest of us call abuses.

Pulp Culture's picture

FYI, it doesn't take a microphone to listen in. Depending on the configuration, loudspeakers can be configured to act as ad hoc microphones, not the best microphone, but it gets the job done. With a bit of clever sw, one can listen in on a room even when the speakers are active.

I just listened to an ad for a wifi enabled hearing aid, how useful. 

One EMP will spoil all of this wondrous evil.

SRV's picture

 “splinter the C.I.A. in a thousand pieces and scatter it to the winds.”

Tractare Veritatem's picture

Ah, the beauty of single source hardware, software, and integration - only need to hack the One Ring to rule them all.

J. Peasemold Gruntfuttock's picture

Closely mirrors the standard operating procedures underlying #pizzagate

J. Peasemold Gruntfuttock

me or you's picture

This Russian linux is not compromised yet.

astra-linux.com/

Akhenaten II's picture

All hardware has doors embedded in its firmware. Every Toshiba and Seagate hard drive, for example, has had these doors written into its manufacture code. Nothing is secure unless it is in a Faraday cage and kept off the Internet.

Cruel Joke's picture

Wooha - looks interesting.

Astra Linux is a Russian Linux-based computer operating system developed to meet the needs of Russian army, other armed forces and intelligence agencies. It provides data protection up to the level of "top secret" in Russian classified information grade. It has been officially certified by Russian Defense Ministry, Federal Service for Technical and Export Control and Federal Security Service.

But can you switch to ... say English version? Never heard of this and I'm a bit curious.

I Write Code's picture

Good.  All Apple customers need to be watched carefully.  Anyway they enjoy it.

Team_Huli's picture

There is a reason it has been called "eyePhone".

RICKYBIRD's picture

Wikileaks has just revealed that communications devices constructed of waxed string and two tin cans have been bugged by the CIA. Furthermore, pet goldfish are bugged. They are watching you through fish eyes. Snapping photos too. Pet birds are carrying drone device ware. Your family dog and cat......

Chet Ricco's picture

What is the point you're trying to convey? The bugging doesn't really exist? That everything is bugged? Or were you just trying to be funny? 

Sebastianbelle's picture

I almost peed my pants with your post!

HenryKissingerChurchill's picture

so EVERYTHING APPLE is "factory fresh" HACKED by the CIA...

and somehow the news will only drive the stockprice higher and higher!

F.A. Hayek's picture

And what do we suppose is being used as the beacon in drone strikes?

NEOSERF's picture

Hey Julian, thanks for all the bad stuff America does for the last couple years, been real insightful...now how about you turn to Europe, China and Russia for a couple years and actually help America for a bit?  Thanks

Chet Ricco's picture

No he shouldn't stop, these treacherous actions need to be exposed. 

Fourth Horseman's picture

Go back to being a serf. It's what you know best.

HenryKissingerChurchill's picture

Hey Julian, thanks for all the bad stuff America does for the last couple years, been real insightful...now how about you turn to Europe, China and Russia for a couple years and actually help America for a bit?  Thanks

Germany is USA's cableguy, and hacks all the satellites and the whole Europe for them. WHAT? You thought somehow they STOP AT imaginary BORDERS?

samsara's picture

Work with any of these Chindit?

Pliskin's picture

<<<<  People will stop buying I-Shit upon hearing this.

<<<<  There'll be queues around the block for the next I-Shit that comes out.

Farmer Joe in Brooklyn's picture

Most plebes are paying next to zero attention to these Wikileaks releases. 

They literally give not one shit about their liberties evaporating.

They've been taught "what does it matter if you're not doing anything wrong".  What they fail to realize is that their chosen team will not always be in power and these weapons will one day be turned against them.

We need to take power back from all levels of government. Period.

Withdrawn Sanction's picture

"Most plebes are paying next to zero attention to these Wikileaks releases. "

Fortunately, it is not necessary for the mass of men to understand or even to participate for societal change to occur.  And things ARE changing, hence all the childish hysterics and hyperbole erupting from Langley, and their mouthpieces at WaPo and NYT. 

Fourth Horseman's picture

This news is VERY old news to me.

Only the smart ones will stop buying (which will be few)

The remainder of the tax cows will keep grazing away uninterrupted, peacefully pecking on their crApple product.

I've never owned a crApple product and never will.

Lumberjack's picture

I understand that Cisco is used in the SWIFT banking system. Is this how the CIA are able to move money untraceably?

https://tools.cisco.com/security/center/viewAlert.x?alertId=29776

Harry Paranockus's picture

CALEA. The Communications Assistance Law Enforcement Act explains it all.

Pulp Culture's picture

So, if my iphone is running slow and eating power, do I call apple or some alphabet security agency?

GeezerGeek's picture

To cure an iPhone that eats too much power, simply plug it in to a 240V socket. Problem solved. (Hint: do not inhale the resulting vapors.)

Pol Pot's picture

Here is how I get around the CIA listening into my personal shit.
I installed a camera and mic in my toilet...when I gracefully saunter in to the bathroom to pinch one....I yell Allah Akbar before bombs away......
I figure after a few of these I will be off their list...