WikiLeaks’ latest leak reveals alleged CIA exploits for Mac and iPhone

WikiLeaks has released a new set of documents related to alleged CIA spying techniques, this time detailing tools purportedly used by the agency to gain access to Apple Mac computers and iPhones. It's calling this new leak Dark Matter.  

The majority of today's document dump, part of the organization's larger Vault 7 leak, deals with ways the CIA could exploit Macs. It's unclear if these tools are still in use today or would be as effective on newer machines, though Apple has patched at least one of the vulnerabilities detailed.

The first exploit is called Sonic Screwdriver, and it let the CIA execute code from a peripheral device on a laptop or desktop while the machine was booting. The code would be carried on a Thunderbolt-to-Ethernet adapter and would execute when the target Mac powered on.

Apple recognized the potential for third-party devices to do this and patched the hole in 2015, as TechCrunch points out.

Then there's Triton, an automated implant for Mac OS that can access computer files once installed on a hard drive. The CIA would allegedly alert the malware to start sending files – referred to as "payload" in the documents – a directive the agency could carry out at any time. 

Related to Triton is Der Starke, a diskless version of the Triton malware that would go undetected on a hard drive. It could send data via a browser process, allowing it to fly under the radar of network monitoring systems.

Three other Mac-related tools – Dark Matter, SeaPea and NightSkies – fall under a blanket term called DarkSeaSkies. Working together, these exploits operated similarly to Der Starke to stealthily retrieve data from computers.

iPhone exploit

Last but not least is NightSkies, described as a beacon/loader/implant tool for the iPhone 3G. 

Once the CIA installed it on a phone (it would have to be done physically), the agency could track things like browser history, YouTube videos, map files and the metadata for emails.

The exploit could nab files such as the address book, SMS and call logs, execute commands on the iPhone, take full remote control of the device and upgrade itself. NightSkies would run in the background of the exploited iPhone.

While all of these tools are relatively old, having the most up-to-date version of iOS and Mac OS X will provide you with the most recent security patches and therefore the best chance at keeping your devices secure.

We've also asked Apple for comment on the CIA's alleged tools and will update this story if we hear back.

For more on WikiLeaks' Vault 7 leaks, check out our comprehensive guide.

TechRadar – All the latest technology news
