Free Republic

Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones
Zero Hedge | 03/23/17 | Tyler Durden

Posted on 03/23/2017 7:34:38 AM PDT by Enlightened1

A new WikiLeaks Vault 7 leak titled “Dark Matter” claims that the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008 through suppliers. The documents are expected to be released after a 10 a.m. EDT “press briefing” that WikiLeaks promoted on its Twitter.

And here is the full press release from WikiLeaks:

Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple...

(Excerpt) Read more at zerohedge.com ...


TOPICS: Constitution/Conservatism; Crime/Corruption; Government; News/Current Events
KEYWORDS: apple; cia; darkmatter; iphones; iphonesbugged; nightskies12; vault7; wikileaks
To: DTA
Not true. There are two chips in the phone: AP (application processor) and BP (baseband processor). BP controls antenna and radio and runs RTOS (real-time operating system). BP and AP share memory and BP can inject malicious code BEFORE AP loads OS.

EXCUSE ME. This has ZERO to do with the baseband processor and the Application processor . . . And in fact, the closely vulnerability I was referring to that was CLOSED last year is in the Mac. Try to keep up.

In ADDITION, what you are claiming has ZERO to do with the exploit that the CIA was using here. . . So you are doubly wrong. The CIA was intercepting the devices and manually installing the malware, not remotely via cellular signal.

61 posted on 03/23/2017 6:49:49 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
Twice tonight on my local newspaper site, I get a popup. The first one had the icon for my OS X software update and said my media player needed to be updated. And a button to click on.

Tried to get out of it, close the popup, nothing so had to close the browser. Went to software update and checked, no updates (usually not any more). So I know it was malware/adware of some kind. But I didn't think to take a screen capture.

So I go back to the local paper site and get a different popup. Makes it look like Adobe Flash. I go to that site if I want to check for updates and there usually aren't any but I didn't want to bother. I didn't click on the cancel like I did the first time. It wouldn't let me anyway.

So I did a screen capture, again it wouldn't let me close the popup, using the red button above the flash icon, so I had to close the browser but I took a screen capture this time. Cleared my cache.

I don't know how long I'm going to have to put up with this or who is trying to trick me into installing what I'm almost positive is malware.


62 posted on 03/23/2017 8:59:56 PM PDT by Aliska

To: Aliska
Twice tonight on my local newspaper site, I get a popup. The first one had the icon for my OS X software update and said my media player needed to be updated. And a button to click on.

Oh, Damn. These are ads from Google that are popping these up. Yes, they will try to install malware if you let them. Google does not sanction them but the people who buy the ads from Google and get them on Google's rotation start out with legitimate ads, then start tossing these malware ads in and run them as often as they can until Google catches them at it. Then they get banned by Google. They change their name, open up under another name and repeat. Rinse, repeat. Over and over.

When you get this again, force quit Safari and reload Safari holding down the shift key. That will start Safari with no tabs running and you can return to your newspaper without that ad. Should be OK. If you need to, clear cookies and caches. You may have to log back onto sites that normally would remember you, etc., but it's better than this malware ad hell.

If you DO use FLASH (heaven forbid, Just Say NO to FLASH!) and absolutely have to use it, go directly to Adobe.com and check for the latest update there. That small alert about "Flash player is available for your Mac and is ready to install" is certainly bogus.

63 posted on 03/23/2017 10:01:54 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
I don't know the keystrokes for force quit but can probably do it from my menu plus my 2nd replacement keyboard has a few function keys that don't work right and Apple couldn't figure it out. I get along ok without stuff.

I didn't want a popup blocker because it impedes my ability to use sites where I need them. And it sounds like I can't count on Google to stop them.

As a last resort I will delete my cookies. I can get most of my pw's back except gmail which I have grown to depend on, it's a screwy setup the way it interfaces with other stuff.

I saved your instructions on my desktop for the ones I can do like holding down the shift key when I (is open the same as reload? I just click on the Safari icon on the dock). I haven't had any trouble with Firefox yet. I still like Safari better but more and more sites are not negotiating a secure connection with Safari whereas I can get in with Firefox. Plus formatting can be a problem. Videos also play better on yt with FF.

I clear my Safari cache often, not my history. And there are other caches I cleared out before I ran my update to the newer OS about a year ago now. Ran into all sorts of trouble but little by little found help on the web and got er done.

Thank you so much. I know this was about iphones and the CIA but I didn't want to start a new thread about it. It used to happen to me when I was using my Windows machine, and my gut told me not to mess with them so I didn't.

Yes, I always go to the approved site like Adobe. I still have Flash because I don't know if html 5 is functional on my system. But they don't often put out updates any more for my outdated system.

Better run, but thank you so much!

64 posted on 03/23/2017 10:28:31 PM PDT by Aliska

