
    Good news! Apple says CIA hacking tools won’t work on newer products


    Vulnerabilities fixed on iPhones after 2009 and Macs after 2013.

    https://www.youtube.com/watch?v=rE6lwkC7Jpk

    If you’re an Apple snob like me, I’m pretty sure you became concerned when Wikileaks published documents about the hacking tools the CIA used to sneak into Apple products. A person could not disable the tools even by resetting their phone.

    But Apple has come out to assure customers that the company has fixed the vulnerabilities in its newer products.

    Apple and CIA Respond

    The company released this statement:

    We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

    We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

    The CIA did not comment on the authenticity of these documents. Instead, the spokesman told The Wall Street Journal that the “public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries.”

    Um, okay bro.

    The CIA Tools

    The documents highlighted four projects the CIA used to hack into Apple products and spy on people.

    Sonic Screwdriver

    In this program, the CIA executed “code on peripheral devices while a Mac laptop or desktop is booting.” This works on any Mac laptop that has a Thunderbolt port. From The Daily Dot:

    Once the components are ready to go, the steps for executing the attack are simple: plug the Ethernet adapter into a Thunderbolt port, plug in the media source of the boot file, and power on the machine.

    Once that is complete, the user can commence their attack and infect the firmware with malware (see below).

    Triton & Der Starke
    Triton is the malware that The Daily Dot mentioned above. Once implemented, it can receive “files and folders from an infected computer.” It hides inside the computer, but “when triggered, compresses and encrypts the data from the hard drive and places it into an LP, or the URL of the script that the implant is speaking with.”

    Der Starke is diskless and will not show up on your hard drive. As The Daily Dot describes, the malware “hides in plain sight as a browser process, so it would look like you are simply uploading something on the computer.” This means network monitors cannot pick it up.

    DarkSeaSkies

    This technique used three operations to work on MacBook Airs: DarkMatter, SeaPea, and NightSkies. Overall, the implant known as DarkSeaSkies “persists in the EFI firmware of an Apple MacBook Air computer, installs a Mac OSX 10.5 kernel-space implant and executes a user-space implant.” This is how the three tools worked:

    This means that when working, the malware constantly monitors the target “while data is being extracted.” They used SeaPea “to hide the network” and NightSkies to send “traffic outside a network at regular intervals.”

    Hackers, Security Experts Chime In

    Apple hacker Dino Dai Zovi, who also works as chief technology officer at software security vendor Capsule8, told the Wall Street Journal that the CIA used techniques that required “physical access to Apple devices to be installed, meaning it is unlikely they affect a large number of individuals.”

    A lot of these techniques are several years old and the CIA may not have updated them in the last eight years or so. But that does not mean a person should not take precautions. Change your passwords and keep them strong. Always update your operating system to install the latest security patches.

    Refresher on the First Document Dump

    This document dump comes a few weeks after Wikileaks published other CIA hacking documents. The most damning from those documents? That the CIA has malware from Russia and other countries, which allows the agency to hide its fingerprints on attacks. One branch developed “Weeping Angel” specifically for smart TVs “by transforming them into covert microphones.”


    Comments



     
    tom swift | March 26, 2017 at 10:16 am

    Change your passwords and keep them strong.

    Ummm … CIA isn’t cracking your passwords, it’s going around them. Secure passwords keep guys from Nigeria or Ukraine out of your accounts, but don’t even slow CIA down.

    Always update your operating system to install the latest security patches.

    “Updates” are how the newest gimmicks get into your computer in the first place. Software, anyway—you won’t be the proud owner of the newest hardware spies until you buy a new computer.

    We [Apple] have given them [Wikileaks] instructions to submit any information they wish through our normal process under our standard terms.

    Translation—we’d prefer that Wikileaks talk to us rather than the consumer, so that we can do a better job of keeping the consumer in the dark; but Wikileaks has blown us off.

    A lot of these techniques are several years old and the CIA may not have updated them in the last eight years or so

    I hope I don’t have to belabor just how ridiculous this is.


     
    Valerie | March 26, 2017 at 2:18 pm

    Rule of thumb for technological secrets: they only get released after they have been replaced. What I have seen so far has been commercially possible for quite some time, provided anybody wanted to do it.

    Of course the CIA and the NSA and FBI wanted (and needed) to do it.

    The big story is that 1) a whole pile of these tools were turned loose on us by any old fool, and 2) our government had no sooner acquired the tools to gather information, than it began to abuse it. During the last administration, they turned those tools on our people, for the benefit of one political party.

    There are penalties for misuse of confidential information, and we will either apply them now, or lose control of our government, forever.

      We lost control of the Executive Wing of the government when the Democrat Party was allowed to spy on and abuse the Tax System against Conservatives and Tea Partiers after 2009.

      Nobody cared, and thus anybody who isn’t a Conservative needs to be told to go suck an egg if they want to complain now.

      The phrase “I didn’t hear you complaining when the Obama Administration was doing it. Are you ready to admit you’re a hypocrite?” should become a standard part of EVERY Conservative’s lexicon. The answer for every Conservative is, appropriately, “I WAS complaining about it, and I’m still complaining about it now.”

      That being said, EVERY “Deep State” actor who was involved in any of this needs to be prosecuted, jailed and lose their pensions. Tell them they can regain their pensions IF AND ONLY IF they can testify about someone up the food chain having given them a direct, provable command to perform the act.

    Also, it should be noted that somebody is a “Doctor WHO” fan, given the names released herein.

    “Sonic Screwdriver”
    “Weeping Angel”
    There’s also a “Dark Skies” Doctor WHO fan-fiction.

