New WikiLeaks’ Vault 7 data dump shows the CIA’s Mac firmware attacks

“If the CIA wants inside your Mac, it may not be enough that you so carefully avoided those infected email attachments or maliciously crafted web sites designed to plant spyware on your machine,” Andy Greenberg reports for Wired. “Based on new documents in WikiLeaks’ ongoing release of CIA hacking secrets, if Langley’s hackers got physical access, they still could have infected the deepest, most hidden recesses of your laptop.”

“The documents show how the CIA’s spyware infects corners of a computer’s code that antivirus scanners and even most forensic tools often miss entirely. Known as EFI, it’s firmware that loads the computer’s operating system, and exists outside of its hard-disk storage,” Greenberg reports. “‘The EFI is what orchestrates the entire boot sequence. If you change something before that, you’re controlling everything,’ says Karsten Nohl, the founder of Security Research Labs and a well-known firmware hacker. ‘It becomes part of your computer. There’s no way of knowing that it’s there, and also hardly any way to get rid of it.’”

“The CIA’s documents describe a series of tools that agents can use to install ‘implants’ on target machines, capable of silently monitoring everything that occurs within its operating system and transmitting it to a remote operator,” Greenberg reports. “The documents focus almost entirely on Mac attacks, but also include a passing reference to an attempt as early as 2008 to create similar physical access for the iPhone. It notes, though, that the mobile attack ‘does not have stealth and persistence capabilities.’”

Read more in the full article here.

MacDailyNews Take: Note that, as with the iPhone (at the “factory level,” “shipping interdiction,” or otherwise), the Mac exploits require physical access.

SEE ALSO:
New WikiLeaks Vault 7 ‘Dark Matter’ leak claims CIA bugs ‘factory fresh’ iPhones, infects Mac firmware – March 23, 2017

23 Comments

  1. “Note that, as with the iPhone (at the ‘factory level,’ ‘shipping interdiction,’ or otherwise), the Mac exploits require physical access.”

    Well, I feel better already.

    1. Oh, it’s pretty serious all right; it takes a scum organization to stoop so low. My question is how the CIA gets physical access to the phones. Hire guys at the manufacturing plants? Get them when they come through customs? Don’t do it, but make leaks to make everyone think they do it.

      Who knows, but the fact that they are doing it is just another revelation of what most already know: that nation is a threat to the world.

      1. Post-manufacture, they go to vendors in foreign countries, to the black market, and to royal buyers and other procurement agents, and bribe them to gain access to new iPhones before they are transferred or sold. They bring their own shrinkwrap machines with them. Then the devices are obliviously acquired by princes and sheiks and imams, but also by MPs and Senators. You didn’t hear it from me.

        1. Possible and valid conjectures, but where is the proof? I’m sure Apple will be looking at the culprits and seeing what they can do to protect human privacy. It’s a humane endeavor and needs to stand up to the anti-humanist threat that has become your nation’s government.

          1. Proof isn’t what it once was. This is a postmodern, postrational world we all live in, like it or not. The various media largely form our social thoughts and consensus—or try to—and our only recourse to this hypnotic control is sweet reason disseminated through open forums not controlled by governments or their corporate minions. Like this one. MacDailyNews (indirectly, at least) promotes free speech. That’s good enough for me. The day you and I are censored is the day freedom dies.

            1. It was a rhetorical question alluding to all the conspiracy theories. The potential to embrace the multitude of connections these days is fantastic. I tend to go for the facts myself, reasonably so and I do love the sweet humanitarian dance of noitlovevolution.

              I have to cut off a tad of my free speech in order for me to persist on this site. I agreed not to call your nation a couple of things. I also decided not to mention your country by name, unless it’s a quote.

              With great freedom comes great creativity, hence the palindrome.
              Know it, love, evolution.
              I love Apple, and they are going to be looking for proof. Once they find it, they will quietly do whatever it takes. Personal privacy was part and parcel of the conception of Apple. There are corporate cultures and ideals that are pro human. Some can be found in the strangest of places.

              Then again, maybe not so strange.

        2. It has to be targeted to specific people; it’s not a generic every-iPhone-out-there type of attack. They intercept the iPhone going to named individuals. The CIA doesn’t have the resources to process and infect 70,000,000 iPhones sold, for example, in the last quarter of 2016, just to hit a few people they are interested in. Apple would SEE the changes in their firmware, and Apple also, from time to time, sends out firmware updates to their devices which would overwrite whatever the CIA has placed on these devices, cancelling out whatever has hidden in it.

            1. Firmware CAN be overwritten by a FIRMWARE update, Mark... and for the CIA to infect the firmware of ALL iPhones would be detected in the first integrity check on the firmware. That is something done by Apple on a regular basis. It’s not left to chance.

  2. The CIA and the NSA have the capability to gain physical and remote access to any electronic gadget anywhere along the supply chain, domestic and foreign, and implant a back door in an EFI. They can do this because they have a nearly unlimited black budget with which to do as they please with no accountability. From 1998 to 2000, the CIA had a black budget of 1.7 trillion that the US Congress did not disburse; it got it by skimming a certain percentage right off the top of all gov. departments. This is why those departments always ask for more than their operations need. All this talk in Congress about FISA this and FISA that is merely a kabuki dance. They can get away with spying and implanting without complying with FISA.

    The Congress dare not rebel against the National Security Police State for fear of having it release all kinds of incriminating emails it has on them, which is blackmail. Yes, the police state controls representatives and legislators with blackmail.

    1. Simply because a government agency has the means to break the law or commit extortion does not prove that they have done so, any more than the fact that someone has a gun proves that he is a criminal.

      Just because something is immoral does not necessarily mean it is illegal. The collection of foreign intelligence from non-citizens overseas has never been subject to the Constitution.

  3. In years gone by you could go to an Apple store or to an Apple authorized repair facility and have them flash the EFI. That would update/restore it to a current, approved factory condition. In rare circumstances Apple even had users flash their own EFI when bugs in the EFI became known. I don’t know if you can still do that. However, if anyone has concerns about their Mac they should check to see if this service is still available.

    Apple could make the EFI much, much more bulletproof if they put it into a secure enclave like the iPhone has. It is not 100% secure, but it will make changing the EFI much more difficult. (Of course, this only helps once the first user sets up his/her machine and in the process thereof locks down that secure enclave.)

    1. Unbeknownst to the Apple Genius, flashing the EFI at the Apple store could very well infect a gadget with the CIA or NSA back door, even an up-until-then possibly pristine EFI.

    2. That was not EFI, that was Open Firmware. It was different.
      Most modern machines have EFI now; in fact, when you run a hackintosh you are basically running a hacked EFI.
      This is how easy it is.

  4. Look at a bigger picture. If WikiLeaks is a source for Russia to dump others’ secrets, then it is very serious. (I am sure not all of you believe this.) Russia has got rid of tools used by their competitors; not just the CIA, other countries too. The Russians can have other means of extracting the same info, thus getting rid of others’ ability to do the same. They may not have the ability; now no one else does either. Spying has always been cat and mouse, with cats competing over the same mouse. They just killed our cat.
