The latest follow-on revelations made by WikiLeaks on the CIA cyberhacking scandal Thursday highlighted the techniques the CIA used to gain persistence on Apple Inc. (NASDAQ: AAPL)'s Mac devices and demonstrate the use of EFI/UEFI and firmware malware.
The Background
For the uninitiated, on March 7 the Julian Assange-led publication released "Year Zero," the first of a series of disclosures code-named "Vault 7," which revealed details of the sophisticated tools used to break into smartphones, computers and TVs made by big corporations.
Hacking Into The Mac
The latest revelation delved into the "Sonic Screwdriver" project, which allowed execution of code on peripheral devices while a Mac laptop or desktop is booting. This code allowed an attacker to boot attack software from peripheral devices such as a USB stick, even when a firmware password is enabled. The leaks suggested that the Sonic Screwdriver infector is stored in the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
DarkSeaSkies
The WikiLeaks release also explained DarkSeaSkies, an implant that persists in the EFI firmware of an Apple MacBook Air computer. It consists of DarkMatter, an EFI implant; SeaPea, a kernel-space implant; and NightSkies, a user-space implant.
The document also included the manual for the CIA's NightSkies 1.2, an implant tool for the iPhone. Version 1.2 is expressly designed to be physically installed onto factory-fresh iPhones, indicating that the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
DerStarke2.0
DerStarke is the EFI-persistent version of "Dark Mallet," the infector for the "Triton" MacOSX malware. The latest version of it is 1.4, which was launched in 2013. "As of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0," the WikiLeaks release said.
Companies Receive Offer To Assist
Companies including Apple, Cisco Systems, Inc. (NASDAQ: CSCO), Alphabet Inc (NASDAQ: GOOG) (NASDAQ: GOOGL), Facebook Inc (NASDAQ: FB), Microsoft Corporation (NASDAQ: MSFT) and SAMSUNG ELECTRONIC KRW5000 (OTC: SSNLF) fell victim to the CIA's ploy, the WikiLeaks disclosures said.
Despite Assange's offer to share the precise software code used, these companies have not reacted much, given fears of violating laws governing the receipt of classified information, a New York Times report said.
In response to the WikiLeaks revelation, Google and Microsoft merely pointed to their existing channels for reporting any security issue. Apple refused to talk to WikiLeaks directly but asked that any information intended to be shared be submitted through its normal process under its standard terms.
The New York Times report also quoted Apple as saying the Mac vulnerabilities described in the disclosure were previously fixed in all Macs launched after 2013.
Related Links:
WikiLeaks' Vault 7: What Are 'Zero Day' Vulnerabilities?
Intel, Others Respond To Vault 7 CIA WikiLeaks With New Security Tools
There Have Been Some Notable Cybersecurity Breaches In 2017 (And It's Only March)
© 2017 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.