Thanks to WikiLeaks, the tools that the CIA has been developing for years to hack into Apple products, are now public.
On Thursday, the group released new documents called “Dark Matter”, as part of its ongoing publications on CIA hacking tool. The documents released today focus on Apple products, specifying the CIA’s methods for breaking into MacBooks and iPhones.
The released documents are mostly seven years old, which puts them significantly behind today’s technology and the company’s current products. However, they still show a continuous effort to find and use weaknesses in the company’s products.
“Sonic Screwdriver” is one of the tools mentioned in the document. It’s used to infect MacBooks through a USB or Thunderbolt port, apparently installed when the CIA had physical access to a device.
Other tools are implants that themselves in the computer’s firmware interface, which makes them undetectable when using traditional forensic techniques.
Early versions of the iPhone apparently gave the agency a hard time. It’s targeted only by one of the tools, the “beacon” which is installed on an intercepted phone before purchase.
These bugs are quite old, which makes them unsuitable for contemporary Apple products. However, it’s likely the CIA has developed similar capabilities to target today’s MacBooks.
WikiLeaks promised to disclose all the Vault 7 vulnerabilities to the relevant companies for patching, but they haven’t been fast enough in fulfilling that promise, as they requiring a series of conditions before disclosing the bugs
Apple has denied any negotiations with Wikileaks and insisted that newer models are immune to attacks.
Here’s the company’s full statement:
“We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”