Wikileaks Thursday released trove of new documents from their CIA leak, outlining how the agency attacked Apple products.
Wikileaks is nicknaming this posting “Dark Matter.”
Dark matter is the second batch of leaks from the CIA archive Wikileaks has nicknamed Vault 7, largely describing hacking techniques the agency used. So far all of the techniques have been for targeted surveillance (not bulk surveillance, like the NSA would conduct) and many require the CIA to have physical access to devices to attack them. The documents range in age, and Apple announced after the first release of documents that many of the security flaws mentioned in that archive had long since been patched.
One user manual released in Dark Matter describes “Sonic Screwdriver” – a technique taking its name from Dr. Who’s utility tool – as a way to use a modified Thunderbolt-to-Ethernet network adapter (or, potentially, other modified hardware) to load malware while a Mac is booting. That document is dated 2012.
Another document describes “DarkSeaSkies,” a hacking technique that lurks in the firmware of MacBook Airs version 1.1. Firmware controls hardware that is not controlled by an operating system (firm, because it’s in between ‘soft’ and ‘hard’ ware). The DarkSeaSkies documents, dated 2009, describe similar implants for iPhones, but the document is dated 2009, and may not be a still working attack for either.
Other documents provide historic information for “DerStarke,” a firmware attack leaked in the last set of Wikileaks docs. The documents in this posting describe it and related malware in its 2013 form, before the 2016 form already released.
Lawmakers and intelligence officials have been more concerned that the documents were stolen than the sensitivity of any of the documents released.
Sen. Ben Sasse (R-Neb) said that Wikileaks head Julian Assange should spend the rest of his life in “an orange jumpsuit” following the first document dump.