The dump, dubbed "Vault 7," contains documents on a number of CIA projects which sought to infect Apple firmware, developed by the CIA's Embedded Development Branch. A fortnight prior to this dump, WikiLeaks published thousands of CIA documents, which detailed attempts to spy on foreign leaders among other shocking revelations. The DarkMatter" set is far more focused, consisting of but 12 documents.
RELEASE: CIA #Vault7 "Dark Matter" https://t.co/drdaVhtb53 pic.twitter.com/wZUspTsJ4c
— WikiLeaks (@wikileaks) March 23, 2017
These documents expose the "Sonic Screwdriver" project, a "mechanism for executing code on peripheral devices" while a computer is booting, which would allow CIA attackers to launch hacking software via USB drives and the like even when a firmware password was enabled. "Sonic Screwdriver" was an infector stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
RELEASE: CIA #Vault7 "Dark Matter" https://t.co/pgnfeODXVB pic.twitter.com/vkI16f3vMD
— WikiLeaks (@wikileaks) March 23, 2017
Likewise, "DarkSeaSkies" was an implant consisting of "DarkMatter" "SeaPea" and "NightSkies" —respectively EFI, kernel-space and user-space implants.
Also included in this release is the manual for the CIA's "NightSkies 1.2" — a "beacon/loader/implant tool" for iPhone, which allows attackers to retrieve files such as contact lists and call logs, and execute commands. NightSkies had already reached version 1.2 by 2008, and was expressly designed to be physically installed onto box-fresh iPhones. In essence, US intelligence services have been implanting hacking software on yet to be bought iPhones for almost a decade at the time of the documents' release.
Moreover, the documents describe techniques for rewriting devices' firmware in ways that would afford a hacker access even if a user restored a phone or computer to factory settings. A "hard reset" would remove all apps and a device's operating system, installing a clean version — an extreme measure typically employed by users to deal with technical problems, but also a precaution the security-conscious may take when buying a new phone.
The CIA has consistently refused to comment on the authenticity of documents released by Wikileaks, with the Agency merely stating it complies with legal prohibitions on electronic surveillance that targets individuals on US soil, and US citizens abroad — this set of exposures is no exception.
Matthew Hickey, security expert and founder of Hacker House, said questions remained over how the CIA installed these programs on electronic devices, but potential methods — such as infecting a targeted organization's supply chain, by interdicting mail orders and other shipments leaving the United States or other countries — were "extremely troubling."
"The NSA has previously intercepted devices in the mail and manually installing malicious software before they are delivered to companies. This should be a major cause for concern for companies purchasing equipment in bulk from suppliers like Apple," Hickey told Sputnik.
This said, Hickey said the documents suggested the CIA targeted devices on an individual level, rather than entire shipment — unlike the methods detailed in Edward Snowden's NSA leaks — the CIA, he noted, are more interested in "personal spying," while the NSA was focused on "corporate attacks."
"There's been little research into how "firmware" can be removed, although one tip suggested by these documents is users could move their device's clock forward 180 days, causing the firmware to deinstall itself. Security solutions and scanning tools for detecting the presence of such software are very much in their infancy — at the moment, determining whether your computer or phone is compromized could necessitate physically opening it," Hickey continued.
WikiLeaks' #Vault7 shows that the CIA has developed a huge range of attacks against iPhones since at least 2008.https://t.co/neRkgWFzcA pic.twitter.com/QFnh0WJ3kA
— WikiLeaks (@wikileaks) March 23, 2017
"Everyone needs to be concerned about this. We need to take a lot more responsibility for our own personal security and understanding, our use of technology and how it can be taken advantage of by the intelligence services. This isn't business meetings being bugged, this is about individual's personal devices being targeted. We need to be vigilant and aware, and engage with cyber security services as part of our daily lives."