Apple claims that the CIA hacks released by WikiLeaks in its Vault 7: Dark Matter cache are obsolete and pose no threat to current iPhone and Mac users.
The WikiLeaks documents list several projects meant for use on OS X devices (Macs) and one project, NightSkies v1.2, intended for implementation on the iPhone. According to USA Today, Apple has examined these documents and has determined that none of them will work on current versions of the Mac OS or iOS software.
Apple states that NightSkies relies on a vulnerability that only existed in the iPhone 3G. This security hole was patched “in 2009 when iPhone 3GS was released.” The documentation for NightSkies as shown in the WikiLeaks release reveals that it was published in 2008. The “User Guide” also states that the “target device” for the hack is the “Apple iPhone 3G – OS version 2.1.”
Some of the CIA documents refer to firmware-embedded exploits. WikiLeaks claims that the intelligence organization had the ability to install the program in the firmware of the iPhone. Doing this would allow the program to survive a patch or even a factory reset, a property known as persistence. However, Apple ceased production of the iPhone 3G in 2010, according to CNET. So not only was the operating system patched eight years ago, but the device, including all of its firmware, has also not been in production for seven years.
However, iPhones are not the only Apple devices that were being targeted by the CIA. According to the WikiLeaks Vault 7 documents, at least five other exploits were created that were meant for Mac laptop and desktop computers. Sonic Screwdriver, DerStarke v1.4, Triton v1.3, DarkSeaSkies v1.0, and SeaPea v2.0 were all looking to exploit the OS X operating system in various ways.
Sonic Screwdriver is an external exploit that requires physical access to the targeted Apple computer. The tool is a unique adapter that an agent connects to the Mac’s Thunderbolt port. This adapter bypasses the firmware password, allowing the operator to install an exploit from an external drive or USB device. Sonic Screwdriver is simply a physical device used to install the other listed programs into the Mac firmware without having to know the firmware password.
DarkSeaSkies was an exploit developed for “OS X 10.5.2-10.5.x” (the Leopard series). It required physical access to the computer, which would then be “gifted” to the target under surveillance. It was essentially a beacon that allowed a listening post to detect when someone was using the computer, transfer files to and from it, and execute other programs.
SeaPea was a rootkit built for OS X 10.4 (Tiger) and 10.5 (Leopard).
According to security firm Veracode, “A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.”
SeaPea is the oldest CIA hacking tool listed in the WikiLeaks document dump. It is unknown how many users still run OS X 10.4 or 10.5, but according to Computerworld, even users who operate under 10.6 (Snow Leopard) are dwindling since Apple stopped support for it in 2014.
DerStarke and Triton are the most recent CIA programs on the WikiLeaks list. They are essentially the same program, the only difference being that DerStarke is diskless and EFI-persistent as well as being slightly more recent. According to the documentation, Triton was developed for any Mac using OS X 10.7 (Lion) or 10.8 (Mountain Lion). DerStarke was intended for OS X 10.8 and 10.9 (Mavericks). Those operating systems are 3-5 generations old. The current version of Mac OS is 10.12 (Sierra). So the latest version of DerStarke was built for an operating system that was replaced in 2013.
While this does not make all of these tools completely obsolete, Apple claims that the vulnerabilities listed in the WikiLeaks documents are “fixed in all Macs launched after 2013.”
USA Today notes that it is interesting that the CIA had a tool, created in 2008, to exploit the iPhone 3G.
“It is unclear whether the systems described are still functional. If true, they would indicate that the CIA was looking into ways to bug iPhones soon after they were first introduced in 2007.”
Apple assures us that the CIA hacking tools as described in the WikiLeaks documents are not viable on modern systems. However, that does not mean that the CIA does not have a more current set of tools. In fact, considering the dates on these documents, it is unreasonable to assume that the intelligence community does not have more recent technologies that it has developed and is continuing to use.
No guarantees exist that will prevent hackers or the CIA from spying on your Apple iPhone, Mac, or any other type of computer or phone. Tools similar to those found on WikiLeaks have been in use since the dawn of the digital age. However, the best defense has always been to keep your operating systems up to date.