On the tail of its damning CIA hacking bombshell, WikiLeaks published another trove of documents on March 23 outlining how the spy agency has been uploading secret software to Apple devices as far back as 2008.
Named “Dark Matter”, the latest release shows the CIA has been infecting iPhones since shortly after the product’s launch in June 2007. In some cases, the agency “interdicted mail orders and other shipments” to open, infect, and resend devices leaving the United States.
WikiLeaks said it was “noteworthy” that the NightSkies program, said to be a “beacon/loader/implant tool” for the Apple iPhone, “had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. I.e. the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”
TechCrunch observed: “It was quite powerful as NightSkies could access your address book, SMS conversations and call logs in order to upload it to the CIA’s servers. The agency could also execute commands on the iPhone remotely to install new tools and more.”
WikiLeaks noted: “While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.”
This technique had previously been hinted at in documents released by National Security Agency whistleblower Edward Snowden.
Among other capabilities, according to the outlet, the second batch of Vault 7 documents reveals the so-called “Sonic Screwdriver” project which, “as explained by the CIA, is a ‘mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting,’ allowing an attacker to boot its attack software, for example, from a USB stick ‘even when a firmware password is enabled.’”
[Abridged from Common Dreams.]