The CIA has had the ability to hack into Apple products, including pristine iPhones straight from the factory floor, for almost a decade, and until Thursday the public had no idea.
Wikileaks released a new bundle of documents in its massive “Vault 7” project on Thursday morning. It’s a huge trove of classified CIA records that show the spy agency’s abilities and aspirations to infiltrate every aspect of its targets’ lives, including their iPhones, iPads, and MacBooks.
The new documents, code-named “Dark Matter” by Wikileaks, detail the CIA’s specific capabilities to hack Apple products, including iPhones and Mac computers, sometimes in completely undetectable ways. The hacks, in some cases, are wild.
What are “NightSkies” and “Sonic Screwdriver”?
The CIA’s “Sonic Screwdriver” program, for instance, was able to store its code in the firmware of a Thunderbolt-to-Ethernet adapter: an accessory most modern Mac laptops need for a wired internet connection, and one nobody thinks of as storing any data at all. Another document details the aforementioned iPhone exploit called “NightSkies,” which is particularly terrifying.
Also included in this release is the manual for the CIA’s “NightSkies 1.2,” a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory-fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
In other words, you could order a brand new iPhone from the Apple Store online. If the CIA had you on a list, it could intercept the phone before it got to you, install a “beacon/loader/implant tool” that could monitor your activity, and then send the phone on its way. And it’s been able to do this since 2008, just one year after the iPhone debuted.
The documents detail an agency with largely unprecedented abilities to infect the digital devices of its targets in foreign countries (and, potentially, domestically). All of the methods detailed take direct advantage of Apple’s “firmware,” the permanent software programmed onto the device, usually by the manufacturer. This sets the CIA’s exploits apart from many other digital attacks — Wikileaks’s press release notes that once an exploit is in a device’s firmware, “the infection persists even if the operating system is re-installed.”
In other words, there’s very little a typical user can do to get rid of the agency’s viruses, because they’ve managed to worm their way into the permanent, base-level code of the computer. (Specifically, most of the CIA’s hacks can crack into EFI/UEFI firmware, the most common type of firmware in Apple laptops and most modern PCs.) As Motherboard notes, many “high-value targets” for the CIA — businesspeople, diplomats, politicians and more — use top-of-the-line Apple products, and have done so for years. In other words, the CIA predicted that Apple’s personal devices would become ubiquitous among those with the money to afford them, and has been working hard to crack them ever since.
The hacks are also almost funny in their combination of extremely high-tech and extremely low-tech methods at the same time. Corrupting the firmware of a device designed by the best minds in Silicon Valley is no mean feat, but the whole system only works if an agent steals a package out of a UPS truck (or, more likely, has a certain recipient flagged by international postal services and collects those packages before they’re delivered).
And while some of the hacks may seem dated (NightSkies nostalgically refers to an “iPhone 3G” as its intended target), there’s little chance the CIA has abandoned any of these programs. Wikileaks notes that while another laptop hack, DerStarke1.4, “dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.” It might be a good time to put tape over your laptop camera.