WikiLeaks’ Latest Vault 7 Dump Reveals CIA Is Targeting Apple Users


WikiLeaks has been gradually dumping documents it claims to have gotten from the CIA over the last few weeks, and the latest batch from what it’s calling Vault 7 purports to show that the U.S. intelligence agency has been targeting users of Apple’s Macs and iPhones. According to the organization, the CIA has several projects aimed at infecting Mac firmware and breaking into iPhones.

You may recall that Apple said after the first WikiLeaks Vault 7 dump that it had already patched most of the vulnerabilities the organization had revealed. It will be interesting to see if the company stays quiet or says the same thing again after it’s had some time to review this latest batch of documents.

WikiLeaks’ “Dark Matter” reveals targeting of Apple users

WikiLeaks is calling this section of its Vault 7 leak “Dark Matter.” It contains documents which explain how the agency is able to get “persistence” on Apple’s Macs and iPhones. The documents also demonstrate how the CIA uses “EFI/UEFI and firmware malware.”

One of the projects highlighted in the documents is called “Sonic Screwdriver,” which the CIA reportedly describes as “a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.” According to WikiLeaks, this means hackers are able to boot their “attack software” from a USB stick even if the device’s “firmware password is enabled.” To use the “Sonic Screwdriver” software, the CIA stores it on a Thunderbolt-to-Ethernet adapter whose firmware has been modified.

Any Mac computer with a Thunderbolt port can be targeted with “Sonic Screwdriver,” according to the user manual that’s been leaked. The user manual sets out a very simple step-by-step method for hacking into a Mac laptop or desktop using this software. Aside from just knowing that the CIA can do this, what’s also disturbing is that now anyone can see how the CIA does it and even do it themselves.

CIA has a suite of malware tools for Macs

WikiLeaks also released documents about the Triton malware for MacOSX and a full “suite” of tools the CIA apparently uses to break into MacBook Air computers. The documents describe “DarkSeaSkies” as “an implant that persists in the EFI firmware of an Apple MacBook Air.” It has three components for EFI, kernel-space and user-space implants.

This Vault 7 leak also contains documents about DerStarke, which is part of the Triton malware for MacOSX. Apparently, the CIA was still using it as recently as last year and continues to work on DerStarke2.0.

iPhones might be coming off the line with bugs baked in

As if the CIA being able to break into Mac computers isn’t terrifying enough, WikiLeaks claims that some iPhones may even be coming off the production line with vulnerabilities baked right into them. Today’s batch of documents contains details on “NightSkies 1.2,” which is a “beacon/loader/implant tool” for the iPhone.

According to WikiLeaks, NightSkies is designed to be physically installed onto iPhones fresh from the factory, which suggests that CIA agents physically handle the iPhones right out of the factory and install the tool onto them. The organization claims that the intelligence agency has been “infecting” its targets’ iPhone supply chain “since at least 2008.”

WikiLeaks notes that sometimes spies physically infect iPhones while they’re in the target’s custody, but it suggests that many of these physical attacks have come through the supply chain of the organization that’s being targeted. WikiLeaks suggests that this could include intercepting devices that have been ordered by the target. The organization states that the agency could obtain access to the devices while they’re in transit to the target, infect them with the tool and then drop them back in the mail.

Is this how officials cracked the terrorist’s iPhone?

All of these documents bring to mind the San Bernardino shooter, whose iPhone the CIA sought Apple’s help in unlocking. The company refused to help, so officials took it to court, only to drop their legal efforts later after they were able to crack the iPhone without its help.

From all of these leaked documents (assuming they’re real), it seems pretty clear that the CIA has a massive toolbox when it comes to hacking Apple devices. It couldn’t be difficult for government hackers with these tools to break into an Apple device, which begs the question of why officials would try to ask for the company’s help at all.

And Apple’s not the only big tech name to get the “pleasure” of attention from the CIA. Another batch of documents from WikiLeaks’ Vault 7 dump pointed to BlackBerry QNX as being targeted.

Michelle Jones is editor-in-chief for and has been with the site since 2012. Previously, she was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses.