• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones

Recommended Posts

FunkyMike    1,827

A new WikiLeaks Vault 7 leak titled “Dark Matter” claims that the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008 through suppliers.  The documents are expected to be released after a 10 a.m. EDT “press briefing” that WikiLeaks promoted on its Twitter.

 

 

Here is a live stream of the pending press briefing with Julian Assange:

 

 

And here is the full press release from WikiLeaks:

 

Quote

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

 

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

 

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

 

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

 

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

 

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

 

http://www.zerohedge.com/news/2017-03-23/nightskies-12-wikileaks-latest-leak-says-cia-bugging-factory-fresh-iphones-2008

  • Like 1

Share this post


Link to post
Share on other sites
FunkyMike    1,827

NightSkies works in the background and grants “full remote command and control,” to the CIA, allowing it to upload and download files from iPhones, including details from the owner’s phonebook, text messages and call logs, and to execute actions on the phones as it wishes.

 

In the press release regarding the latest ‘Vault 7’ leak, WikiLeaks claims that NightSkies “is expressly designed to be physically installed onto factory fresh iPhones.”

 

A 2008 document featured in the release explains that NightSkies v1.2 must be physically installed and will only start beaconing information once the user starts to use the phone.

 

 

Nightskies is made up of three components: an implant, a Listening Post (LP) and a post-processing program.

 

The implant runs undetected on the phone once it has been physically installed.

 

The CIA monitors the phone for activity, including its browser history file, YouTube video cache or mail metadata. Once it is used for the first time, NightSkies kicks in and sends information to a preconfigured LP.

 

LPs are used to monitor devices, such as computers and phones, which have been hacked with the CIA’s malware implants. They can be physical or virtual and stored on a CIA computer server.

 

 

The NightSkies LP works as a “drop box" for information. It is unable to decrypt the packages it receives, in order to maximize security should the LP be compromised.

 

The post-processing component handles the information received by the LP from the implant in the phone.  It “is intended to occur in a secure environment,” and decrypts and processes the ”payload” received from the target’s phone.

 

Certain ‘limitations’ are mentioned in the document, with the CIA warning that, “If the target does not use any applications that we monitor (MobileSafari, MobileMail, MobileMaps, etc..), then it is possible the beacon may not get triggered by the target.”

 

A “failsafe trigger” exists to bypass this problem, but it would be far more conspicuous to any targets and would be a last resort in cases of inactivity on the aforementioned apps.

 

The fact that NightSkies was on version 1.2 by 2008 suggests it had been employed before then. The document references a 1.1 version, and explains that NightSkies has the capability to self-upgrade once installed.

 

https://www.rt.com/viral/382080-nightskies-cia-infiltrate-iphone/

 

 

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926

And yet, help from a third party was needed after Apple refused to grant law enforcement access to an iPhone owned by a murder suspect... Ooookaaaaaaaayyyy...  Why would that have been necessary if there's a backdoor installed?

 

Share this post


Link to post
Share on other sites
+Mirumir    5,634
15 minutes ago, FloatingFatMan said:

And yet, help from a third party was needed after Apple refused to grant law enforcement access to an iPhone owned by a murder suspect... Ooookaaaaaaaayyyy...  Why would that have been necessary if there's a backdoor installed?

That was just another theatrical performance, a drama designed for the gullible.

 

"All the world's a stage..."

  • Like 1

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926
2 minutes ago, Mirumir said:

That was just another theatrical performance, a drama, for the gullible.

 

"All the world's a stage..."

And your proof of that is?

  • Like 1

Share this post


Link to post
Share on other sites
Slugsie    963
15 minutes ago, FloatingFatMan said:

And yet, help from a third party was needed after Apple refused to grant law enforcement access to an iPhone owned by a murder suspect... Ooookaaaaaaaayyyy...  Why would that have been necessary if there's a backdoor installed?

 

I would suspect that if these tools exist that the CIA didn't offer access to the back door because it would have revealed the existence of that back door which they most certainly wouldn't want to do.

  • Like 3

Share this post


Link to post
Share on other sites
+Mirumir    5,634
5 minutes ago, FloatingFatMan said:

And your proof of that is?

It was obvious when it was unfolding. All that back and forth the FBI and Apple were having.

 

Besides, this is CIA we are talking about here. They don't deal with "petty crimes" such as those done by lone murderers. 

 

 

  • Like 1

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926

Considering how much these devices get hacked, software such as this would have been discovered years ago by one of said hackers.  Has it been so?  Have any third parties verified WikiLeaks claims so far?

Just now, Mirumir said:

It was obvious when it was unfolding. All that back and forth the FBI and Apple were having.

 

Besides, this is CIA we are talking about here. They don't deal with "petty crimes" such as lone murderers. 

 

Obvious to whom? Those with a vested interest in rubbishing the US intelligence services, perhaps? Okay.

 

Where's the proof, please? Too many people are too quick to believe anything Wikileaks publishes. I require verified and corroborated PROOF.  If this software exists in iOS, it would be pretty easy to prove it.

 

 

  • Like 1

Share this post


Link to post
Share on other sites
Skiver    1,947

Moved to It's a conspiracy

Share this post


Link to post
Share on other sites
+Mirumir    5,634
2 minutes ago, FloatingFatMan said:

Considering how much these devices get hacked, software such as this would have been discovered years ago by one of said hackers.  Has it been so?  Have any third parties verified WikiLeaks claims so far?

Obvious to whom? Those with a vested interest in rubbishing the US intelligence services, perhaps? Okay.

 

Where's the proof, please? Too many people are too quick to believe anything Wikileaks publishes. I require verified and corroborated PROOF.  If this software exists in iOS, it would be pretty easy to prove it.

They've been designing the OS's in such a way that the implant can never be detected.

 

If you think the CIA doesn't take its part in the whole development process of something as big as an OS, a product having the widest possible exposure when completed, then I have those bridges on Mars to sell to you.

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926
Just now, Mirumir said:

They've been designing the OS's in such a way that the implant can never be detected.

 

If you think the CIA doesn't take its part in the whole development process of something as big as an OS, a product having the widest possible exposure when completed, then I have those bridges on Mars to sell to you.

And you really don't have a clue how software development works, do you?

 

IF this software exists, one of the many anti-establishment hackers that regularly hack the iPhone WOULD have found it. You cannot hide something like this once it's in the public domain.

 

  • Like 1

Share this post


Link to post
Share on other sites
+Mirumir    5,634
5 minutes ago, Skiver said:

Moved to It's a conspiracy

Hasn't Neowin been covering the same story? Will you move it back when it appears on the front page?

  • Like 4

Share this post


Link to post
Share on other sites
ThisSiteHasLostItsCharm    263

my radiator picks up signals from pluto.

Share this post


Link to post
Share on other sites
+Mirumir    5,634
3 minutes ago, FloatingFatMan said:

And you really don't have a clue how software development works, do you?

 

IF this software exists, one of the many anti-establishment hackers that regularly hack the iPhone WOULD have found it. You cannot hide something like this once it's in the public domain.

 

And you don't have a clue how intelligence agencies work.

 

I'm pretty sure there's a nice little cozy office room designed specifically for the CIA at both MS and Apple campuses.

Share this post


Link to post
Share on other sites
Skiver    1,947
1 minute ago, Mirumir said:

Hasn't Neowin been covering the same story? Will you move it back when it appears on the front page?

 

I'll move it back when someone from the CIA or Apple confirms it. I'm not here to debate whether this is true or not, what I choose to believe or not is irrelevant to the fact that this is nothing more than a rumour.

  • Like 3

Share this post


Link to post
Share on other sites
+Mirumir    5,634
Just now, Skiver said:

I'll move it back when someone from the CIA or Apple confirms it. I'm not here to debate whether this is true or not, what I choose to believe or not is irrelevant to the fact that this is nothing more than a rumour.

I suppose Neowin's front page is officially a rumour mill now.

 

 

 

 

  • Like 3

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926
5 minutes ago, Mirumir said:

And you don't have a clue how intelligence agencies work.

 

I'm pretty sure there's a nice little cozy office room designed specifically for the CIA at both MS and Apple campuses.

I don't need to know how intelligence agencies work. I'm a software developer, I've been one for over 30 years and I have plenty of experience in reverse engineering. I know for a fact that you cannot hide software like this from prying eyes once it's in the public domain.

 

By now, either someone would have noticed something amiss in the OS or phone's firmware OR someone would have spotted the extra bandwidth activity going on, and traced it.  Even if they couldn't decipher exactly what was happening due to encryption, it would be common knowledge by now that something was amiss.

 

And if you don't believe me, just look at how fast various malwares are discovered as soon as they try to call home, or even Windows itself and its extra telemetry.  You just cannot hide this stuff for very long once it's in the wild.

 

Share this post


Link to post
Share on other sites
Skiver    1,947
Just now, Mirumir said:

I suppose Neowin's front page is officially a rumour mill now.

 

 

 

 

 

Like I say, I'm not here to debate the truth behind this or not. Just because it's in this section does not mean anything against its credibility, this section is not just limited to those who wear tin foil hats.

 

HOWEVER, until this is confirmed by someone like the CIA or Apple, then it cannot be taken as fact and therefore should be placed in an appropriate section.

 

 

  • Like 3

Share this post


Link to post
Share on other sites
+Mirumir    5,634
9 minutes ago, FloatingFatMan said:

I don't need to know how intelligence agencies work. I'm a software developer, I've been one for over 30 years and I have plenty of experience in reverse engineering. I know for a fact that you cannot hide software like this from prying eyes once it's in the public domain.

 

By now, either someone would have noticed something amiss in the OS or phone's firmware OR someone would have spotted the extra bandwidth activity going on, and traced it.  Even if they couldn't decipher exactly what was happening due to encryption, it would be common knowledge by now that something was amiss.

 

And if you don't believe me, just look at how fast various malwares are discovered as soon as they try to call home, or even Windows itself and its extra telemetry.  You just cannot hide this stuff for very long once it's in the wild.

I was wondering about the bandwidth too. Then I figured. These guys control the whole supply chain, starting with the CPUs inside the devices and the hardware on those cell phone towers.

 

8 minutes ago, Skiver said:

Like I say, I'm not here to debate the truth behind this or not. Just because it's in this section does not mean anything against its credibility, this section is not just limited to those who wear tin foil hats.

 

HOWEVER, until this is confirmed by someone like the CIA or Apple, then it cannot be taken as fact and therefore should be placed in an appropriate section.

 

 

I suppose a suggestion should be made to create a special "It's a conspiracy!" tag for the front page news items as we don't want to deceive our readers, do we.

 

 

  • Like 1

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926
Just now, Mirumir said:

I was wondering about the bandwidth too. Then I figured. These guys control the whole supply chain, starting with the CPUS inside and hardware on those cell towers.

And the "conspiracy" just gets bigger and bigger and bigger.  Have you any idea how utterly impossible it is for a single government agency to control a GLOBAL manufacturing process for thousands of bits of equipment, most of which is made in nations the CIA wouldn't have a hope of controlling, such as  China?  Are you really that far detached from reality?

 

Apply the principle of Occam's Razor.  On the one had we have vast conspiracy, covering a global process of manufacturing and from which no one ever leaks anything that actually has any proof to any kind of reputable news service.  And on the other we have a bunch of people running a fringe website and trying to make out they're some kind of world saviours by "releasing leaks" without evidence.

 

 

Share this post


Link to post
Share on other sites
Skiver    1,947
10 minutes ago, Mirumir said:

<snip>

 

I suppose a suggestion should be made to create a special "It's a conspiracy!" tag for the front page news items as we don't want to deceive our readers, do we.

 

 

 

Feel free to take that up with the News Team/Steven - Nothing to do with me.

  • Like 1

Share this post


Link to post
Share on other sites
+Raze    16,193
46 minutes ago, Mirumir said:

They've been designing the OS's in such a way that the implant can never be detected.

 

If you think the CIA doesn't take its part in the whole development process of something as big as an OS, a product having the widest possible exposure when completed, then I have those bridges on Mars to sell to you.

You believe you have bridges on Mars to sell??    OK, I'll play along with you, how much are you selling them for??

 

:D

  • Like 4

Share this post


Link to post
Share on other sites
+Mirumir    5,634
45 minutes ago, FloatingFatMan said:

And the "conspiracy" just gets bigger and bigger and bigger.  Have you any idea how utterly impossible it is for a single government agency to control a GLOBAL manufacturing process for thousands of bits of equipment, most of which is made in nations the CIA wouldn't have a hope of controlling, such as  China?  Are you really that far detached from reality?

 

Apply the principle of Occam's Razor.  On the one had we have vast conspiracy, covering a global process of manufacturing and from which no one ever leaks anything that actually has any proof to any kind of reputable news service.  And on the other we have a bunch of people running a fringe website and trying to make out they're some kind of world saviours by "releasing leaks" without evidence.

It's quite simple. The manufacturing plant in China receives an already compromised ROM image from the developers in the U.S. 

 

59 minutes ago, FloatingFatMan said:

I don't need to know how intelligence agencies work. I'm a software developer, I've been one for over 30 years and I have plenty of experience in reverse engineering. I know for a fact that you cannot hide software like this from prying eyes once it's in the public domain.

 

By now, either someone would have noticed something amiss in the OS or phone's firmware OR someone would have spotted the extra bandwidth activity going on, and traced it.  Even if they couldn't decipher exactly what was happening due to encryption, it would be common knowledge by now that something was amiss.

 

And if you don't believe me, just look at how fast various malwares are discovered as soon as they try to call home, or even Windows itself and its extra telemetry.  You just cannot hide this stuff for very long once it's in the wild.

 

 

You seem to be confusing software-based malware with a hidden one working on the hardware level. The latter cannot be detected by conventional means because it had been designed with that requirement from the get-go.

 

 

Share this post


Link to post
Share on other sites
FloatingFatMan    17,926
2 hours ago, Mirumir said:

It's quite simple. The manufacturing plant in China receives an already compromised ROM image from the developers in the U.S. 

You mentioned the entire production chain being compromised. That's EVERYTHING from the hardware in the cell tower, to the hardware at the telco provider's many sites, much of which is designed and manufactured in China.   Almost none of this hardware is designed in the US, you know.

 

 

2 hours ago, Mirumir said:

You seem to be confusing software-based malware with a hidden one working on the hardware level. The latter cannot be detected by conventional means because it had been designed with that requirement from the get-go.

Nope. Not at all. Part of my 30 years programming was spent on embedded systems, included some military hardware way back in the late 80's/early 90's.  

 

There are too many points in the chain where this software would have been discovered. Either from an encrypted block of code where there shouldn't be any, or from network activity that shouldn't exist.  Such a thing -might- have been possible in the 90's, where every bit of consumer hardware that hits the streets isn't torn apart by enthusiastic hackers, but these days? Not a chance in hell. People were even going to the lengths of xraying the Switch's CPU to see what was inside the package, and I've dumped chip contents through hardware mods in the past.  This sort of thing is not difficult if you have the equipment, and lots of people do.

 

Sorry, but you're going to have to provide hard evidence that -anyone- is capable of doing this, let alone the CIA, and keeping it completely hidden.  Do that and you'll have my apology, but until then, nope... It would have been discovered.

Share this post


Link to post
Share on other sites
FunkyMike    1,827
4 hours ago, Skiver said:

I'll move it back when someone from the CIA or Apple confirms it. I'm not here to debate whether this is true or not, what I choose to believe or not is irrelevant to the fact that this is nothing more than a rumour.

https://wikileaks.org/vault7/darkmatter/document/SeaPea_2_0_UserGuide/page-2/#efmAnvAqf

 

 

 

 

 

I guess once Wikileaks releases more than 2% of Vault7 we will get more articles like this:

 

https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden

 

 

54 minutes ago, FloatingFatMan said:

Part of my 30 years programming was spent on embedded systems

I am not a dev. The most that I do is tinker with AMD/Intel drivers and editing EFI roms to unlock switchable graphics options on laptops but from experience Intel Management Engine never gets updated by follow up BIOS updates of the original ODM.

 

Also Intel ME isn't opensource.

 

 

Edited by FunkyMike
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.