“If the CIA wants inside your Mac, it may not be enough that you so carefully avoided those infected email attachments or maliciously crafted web sites designed to plant spyware on your machine,” Andy Greenberg reports for Wired. “Based on new documents in WikiLeaks’ ongoing release of CIA hacking secrets, if Langley’s hackers got physical access, they still could have infected the deepest, most hidden recesses of your laptop.”
“The documents show how the CIA’s spyware infects corners of a computer’s code that antivirus scanners and even most forensic tools often miss entirely. Known as EFI, it’s firmware that loads the computer’s operating system, and exists outside of its hard-disk storage,” Greenberg reports. “‘The EFI is what orchestrates the entire boot sequence. If you change something before that, you’re controlling everything,’ says Karsten Nohl, the founder of Security Research Labs and a well-known firmware hacker. ‘It becomes part of your computer. There’s no way of knowing that it’s there, and also hardly any way to get rid of it.’”
“The CIA’s documents describe a series of tools that agents can use to install ‘implants’ on target machines, capable of silently monitoring everything that occurs within its operating system and transmitting it to a remote operator,” Greenberg reports. “The documents focus almost entirely on Mac attacks, but also include a passing reference to an attempt as early as 2008 to create similar physical access for the iPhone. It notes, though, that the mobile attack ‘does not have stealth and persistence capabilities.’”
MacDailyNews Take: Note that, as with the iPhone (at the “factory level,” “shipping interdiction,” or otherwise), the Mac exploits require physical access.