A new trove of documents from WikiLeaks’ Vault 7 leaks, dubbed “Dark Matter”, reveals that Apple devices including Macs and iPhones have been compromised by the CIA. They are affected by firmware malware, meaning that even a re-installation of the operating system will not fix the device.
The CIA’s Embedded Development Branch (EDB) has created several tools for exploiting Apple devices. These include:
- Sonic Screwdriver – allows an attacker to boot its malware from peripheral devices such as a USB stick.
- DarkSeaSkies – an “implant” that persists in the EFI firmware of MacBook Air computers. It consists of “DarkMatter”, “SeaPea” and “NightSkies”, which affect EFI, kernel-space, and user-space respectively.
- Triton – macOS malware.
- Dark Mallet – Triton infector.
- DerStake – EFI-persistent version of Triton.
The documents show that DerStake was at version 1.4 as of 2013, but other documents show that as of 2016, the CIA was working on DerStake 2.0. According to WikiLeaks, NightSkies can infect Apple iPhones; the organisation said it is noteworthy that NightSkies has been able to infect iPhones since 2008. The CIA documents say NightSkies is a “beacon/loader/implant tool”. It is “expressly designed” to be physically installed onto factory-fresh iPhones, meaning the CIA has been intercepting the iPhone supply chain of its targets since at least 2008.
“Dark Matter” is just the latest release of documents from the wider Vault 7 leaks; more CIA documents are expected in the future.