CIA Infects Apple Devices With Unremovable Malware Even with every instrument we use
Dubbed “Dark Matter,” the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA called the Embedded Development Branch (EDB) – the same branch that created the ‘Weeping Angel’ attack – and focused specifically on hacking Mac and iOS firmware.
According to WikiLeaks, the released documents also give a clear insight into “the techniques used by the CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware,” using some of the tools below.
One of the documents, which is dated November 2012, reveals details about the “Sonic Screwdriver” project, which, according to the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”
The hacking method described in this document allows access to a Mac’s firmware using an Ethernet adapter that is plugged into the computer’s Thunderbolt port.
It allows hackers to deliver malware from a peripheral device – such as a USB stick or an external hard drive – “even when a firmware password is enabled” on the device.
Another document in the latest release consists of a manual for the CIA’s “NightSkies 1.2,” which is described as a “beacon/loader/implant tool” for the Apple iPhone.
“COG has the opportunity to gift a MacBook Air to a target that will be implanted with this tool. The tool will be a beacon/implant that runs in the background of a MacBook Air that provides us with command and control capabilities. The implant will beacon periodically
“While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise,” says WikiLeaks.
CIA’s Dark Matter leak is the second batch of Vault 7 released by WikiLeaks, after the whistleblower organization released the first part of an unprecedentedly large archive of CIA-related classified documents on March 7.