WikiLeaks has published the next installment in its series of documents on the CIA, titled “Dark Matter.”
The release contains several documents describing methods that CIA projects use to infect Apple Mac computer firmware. They show that some of the infections can persist on Apple computers even if the operating system is reinstalled in an effort to wipe malware. The release contained the following documents:
Sonic Screwdriver, a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting,” which would allow an attacker to boot their attack software (from a USB, for example) even when a password is enabled. Sonic Screwdriver itself is stored within an Apple Thunderbolt-to-Ethernet adapter.
DarkSeaSkies, an implant that persists in the EFI firmware of an Apple MacBook Air computer. This tool is a combination of “DarkMatter”, “SeaPea” and “NightSkies”, which are EFI, kernel-space and user-space implants, respectively.
NightSkies 1.2, a “beacon/loader/implant tool” for the Apple iPhone. It was developed in 2008 and is expressly designed to be physically installed onto factory-fresh iPhones. A beacon tool allows for collection of place and attachment data, meaning the CIA could use it to collect real-time, actionable intelligence from an infected iPhone. It would give them the capability to determine where the device was located with a margin of error of only a few feet.
Since many of the CIA’s hacking tools are used to physically infect systems and devices held by a target they are surveilling, it is very likely that they are working to compromise the supply chain of device manufacturers. The most likely method for doing this is establishing a program to intercept mail orders and other shipments (opening, infecting, and resending them) so that devices can be infected.