CIA Tools Could Infiltrate MacBooks And iPhones, WikiLeaks Says
Mar 27, 2017 03:57 PM EDT
WikiLeaks has revealed on Thursday that the U.S. Central Intelligence Agency (CIA) has developed tools to infect Apple products. The CIA tools date from between 2009 and 2013, and are unlikely to affect current Apple hardware for iPhones and MacBooks.
The leaked documents of WikiLeaks remain unverified as the set files could have been altered. Yet, the source emphasizes it is high likely the CIA obtained access to Apple products and infected them "by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."
The documents show a spy agency's attempt to crack into some uttermost locked-down consumer electronics devices available, using hacking methods that require the agency to directly access the products. The CIA tools target Apple's firmware that permanently runs on electronics to run fundamental processes.
Apple responded on late Thursday saying the iPhone vulnerability affected only the 3G and was plugged in 2009 with the release of the 3GS. Meanwhile, the Mac vulnerability was fixed in all Macs released after 2013.
Another CIA tool described in the cache sought to infect iPhones in 2008. WikiLeaks said that the tool had been developed to version 1.2, suggesting that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008," according to CNET.
One tool called "Sonic Screwdriver" was revealed in the leaked CIA documents, claiming the CIA tool could infect MacBook firmware through the Thunderbolt port. The approach is identical to the problem described by security researcher Trammell Hudson in 2015. At this time, a hacking tool dubbed "Thunderstrike 2" infected MacBook firmware through the Thunderbolt port based on the flaw, which was patched by Apple in 2015.
The CIA has remained silent on the allegations. The agency responded by reiterating a statement from earlier in March, declining to comment on the CIA tools, and on the authenticity of the documents.