Apple Users Be Warned: CIA Exploits Revealed

Apple users be warned, CIA exploits revealed! Yesterday in a press release WikiLeaks revealed detailed documentation of serveral CIA projects designed to exploit and infect Apple Mac firmware. Most notably the, “NightSkies 1.2” project has been released and is expressly designed to be installed on iPhones before leaving the factory and according to WikiLeaks the CIA has been infecting the iPhone supply chain since 2008. 

Exploit Persistence by CIA

Since the CIA has been designing exploits that infect the firmware of the Apple devices their infections will remain active even after a complete re-installation of the Operating System. Firmware, for those less technically inclined, refers to the code that lives in non-volatile memory (typically used for long-term persistent storage differing from RAM or Random Access Memory which is volatile meaning when the computer gets turned off anything contained in the RAM is lost). This low level code is traditionally responsible for loading and managing the Operating System and controlling the hardware components. This is why, when the CIA injects code into firmware or writes their own tained firmware, the exploit is not detected nor removed very easily even after a re-installation of the Operating System.


Apple Phones and Computers Aren’t the Only Things Infected

Many people do not know that firmware lives on a multitude of devices and is completely separated from the Operating System layer. This means that devices without a graphical user interface/without an Operating System can still be infected. Documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a mac laptop or desktop is booting even when a firmware password is enabled”. The infection, in this case, is housed on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter. Bascially, the CIA can infect your computer when it starts up if you are using an infected Thunderbolt-to-Ethernet adapter but it isn’t necessarily limited to this particular peripheral. This means that any USB device or other external device could potentially infect your Apple computer or phone. Scary!





Factory Fresh IPhones Might Be Infected

This is the real kicker – WikiLeaks discovered a manual for, “NightSkies 1.2” which is a, “beacon/loader/implant tool” which was designed for the sole purpose of physically installing onto iPhones fresh from the factory. Since the CIA NightSkies tool had reached version 1.2 back in 2008 it is safe to say that they have been compromising Apple users’ privacy and infecting the iPhone supply chain since 2008. That’s almost 10 years!! 


The Actual CIA Documents – See For Yourself

  1. Sonic Screwdriver User Guide
  2. DarkSeaSkies 1.0 User Requirements Document
  3. Triton 1.3 User Guide
  4. Der Starke 1.4 Campanion User Guide
  5. Der Starke 1.4 RC1 Readiness Review Checklist

You can get the entire list of documents here


Overall 2 things are clear – the US government is yet again spying on its citizens under the guise of security. There is no such thing anymore as a “secure” device.