WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits

xero9

What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.
But unless those wrong hands can also alter a UPS shipment while going unnoticed, it's not as dangerous. Still concerning though.
 

miketcool

So, it sounds like code could only be done with having physical access to the device itself.

Interesting spy stuff.
Except Snowden showed us the intercept programs where the government loaded the spyware in transit. This leak mentions factory installation as well. Looking at the Geek Squad leaks, it wouldn't be a stretch to find some of these tools present in Genius Bar software/hardware.

Eventually it will come out how involved Apple was in this. For now they can deny, but the law was written that they must be covertly compliant in FISA requested attacks on devices and services. Like Snowden stated, no internet connected tech is safe from the dragnet.
 

Amacfa

All of this assumes that:
1) Wikileaks information is accurate
2) Wikileaks is honest

Plenty of reason to doubt both these days.

And unless the supply chain is actually compromised, then physical access is required, and if someone has physical access to your device, it's as good as compromised, that's always been true.
The government already confirmed some of the previous leaks by seeking to have them removed from viewing. There hasn't been a single instance of Wikileaks providing false documents.
 

69Mustang

Or like Apple with far fewer exploits that are limited by having physical access to the device.
Physical access like this: "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."?
That's f'd up. I'd rather deal with avoiding crap in the wild. At least I can actively try to mitigate the possible damage.

Not sure if being sarcastic. But that's kind of BS. Any device able to receive files can get a virus. The real question is whether they're affected by said virus, like some digital form of Typhoid Mary.
You misinterpreted the intent of the @vertical smile quote. "They did say that iPads don't get PC viruses though, which is true. Just like I don't get PC viruses." He's cleverly pointing out the deception in the ad. Just like the fact that vertical smiles doesn't get PC viruses, here's a short list of other things that don't get PC viruses:
a ham sandwich, Harry Potter, a wooden ruler, my prostate, a sample of E. coli...
 

William Gates

Dark Matter isn't exclusively Mac focused, however, and includes a few new iPhone exploits in the round-up as well. One is called "NightSkies 1.2" and is described as a "beacon/loader/implant tool" for the iPhone that is designed to be physically installed on an iPhone directly within its manufacturing facility. This conspiracy-leaning exploit is said to date back to 2008 -- one year after the first iPhone debuted -- and suggests, according to WikiLeaks, that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008."

This is the much bigger news. If true, holy ****.
 

OldSchoolMacGuy

Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices. The part that bothers me is how far they go to do it to the average person.
Having worked in the industry for more than 10 years I can tell you that the government doesn't care one bit about the average person. You aren't even on their radar. As long as you aren't having sex with kids, running MASSIVE piracy rings (the original distributor of software, albums etc, not just some guy seeding a torrent), or plotting terrorist activity, they don't give a s*it about you. Seriously. These guys are so incredibly busy that they don't bother with anything less than the most important targets (and even that they don't have the time to address most of).
 

jmgregory1

The sad thing isn't that the CIA has capabilities to spy on people using everyday electronic devices, but rather that people think that the CIA gives a rat's behind what the majority of people are doing on their devices. Sure, if you're a foreign national who has nefarious plans, you should be concerned, but Joe and Jane American, British, German, Italian, French, etc., would be thinking they're far more important than they are if they think any government wants to know what they're doing on their devices.
 

coolfactor

This could be partly why Apple is motivated to build their own (ARM-based) CPUs — so that they can have a brand new system design that is not susceptible to known compromises. They could lock down the boot process by having full control over how everything works together. Combine that with technology like Touch ID and a system would not even boot at all without passing physical identity verification. This is generally how iOS devices work today, so Apple is bringing this to the Mac.
 

coolfactor

The CIA does not spy on its own citizens en-masse either. They don't have the manpower. The NSA however is a different and separate story.
Combine this with the advancements in Artificial Intelligence and massively-powered computers can be doing the monitoring 24-7, and raising red flags when something is noticed. Then the "manpower" steps in to take a closer look.
 

jahall05

Well there you go folks. These are all spying devices. Probably the most harmful thing Apple has done is try to con their customers into thinking their gadgets are secure.

Might as well just blog our life story, daily correspondence and inner secrets on Facebook and be done with it.

I would think when Apple says they are secure, they are as secure as Apple can make them at any given point. They can't account for every hack or exploit that comes out and from experience, they are good at sending out updates to patch exploits as they are found.
 

DoctorTech

"Sonic Screwdriver" is another Dr. Who reference just like "Weeping Angel" (a spy tool mentioned in the last Wikileaks document dump). The "sonic screwdriver" was a universal tool that Dr. Who could use to do nearly anything such as pick a lock, start a car, turn on a computer, etc.

Weeping Angels were alien creatures who looked like harmless stone statues while you were actually looking at them but they came to life and would attack you the moment you blinked your eyes or turned your head. They were only dangerous if they were not being watched. I find a great irony that the CIA is using these metaphors for their tools and activities.
 

Sasparilla

Wikileaks is a known foreign enemy of the US who conducts cyber warfare. Not a public service.
A lot of it depends on how you view things. They certainly have a record of outing things the U.S. government (and many others) does not like. But it seems they just publish stuff others have given them. Kind of like how we found out about all the mass surveillance of the population done by the U.S. government when Mr. Snowden got that information out.

As security experts have said over and over - when it comes to computers, either everyone can be secure or nobody can. I'd much rather have all the exploits outed and our collective systems and security (for the country) made secure - from a strategic standpoint. Our intelligence agencies can operate around those barriers and still do their jobs (like they did before this was available to them), they're good... it's just a lot easier for them if there are holes in everyone's computer systems & they want to keep that.

From the standpoint of getting these holes patched for everyone, then this is a good thing - this also proves the experts' points about these security holes... they aren't just for our own use, they get out one way or the other to others who wish to do bad things to us via the weakened security of computer systems in our country (despite being very convenient for our 3 letter agencies to use as weapons... again their narrow focus). JMHO...
 

supercoolmanchu

All of this assumes that:
1) Wikileaks information is accurate
2) Wikileaks is honest

Plenty of reason to doubt both these days.

And unless the supply chain is actually compromised, then physical access is required, and if someone has physical access to your device, it's as good as compromised, that's always been true.
There's only one reason to doubt Wikileaks... you're blinded by petty partisan politics and will swallow anything that makes your little party team feel better about themselves.

Their record for accurate information has been 100%, so you have to ignore their entire history to come up with a different conclusion.

Nice try though. Run along now.
 

Robert.Walter

Oh but they do get physical access to our stuff. They intercept it en route to its final destination:

https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/

Quote from that article:

"The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261) includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.

The NSA manager described the process:

Here’s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets’ electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO."



Cisco has been having a rough time with its international customers trusting its equipment and for good reason. It's not Cisco's fault, their equipment leaves the factory "clean".

I have no idea if the government spooks bother with any of us. I guess it would depend on what you do for a living.
"Intelligence Community partners" seems to imply collusion or coercion of the freight forwarders and shipping companies because the spooks need to know when and to whom shipments are being sent.

One way Cisco could avoid this massive octopus would be to offshore their production from the USA.

Again, it shouldn't come as a surprise to anyone that the Central Intelligence Agency has tools to conduct espionage. It's literally their job description. This has been known for a long time. These Wikileaks revelations just state the obvious. So calm down everyone.

No, the CIA is not spying on you. These tools are used for statecraft, espionage, and terrorism threats. The CIA doesn't care about the porn you have on your Mac. Calm down.

The CIA does not spy on its own citizens en-masse either. They don't have the manpower. The NSA however is a different and separate story.

This is another ruse to get you riled up like last time. No actual tools were released. Just the knowledge that the CIA possesses the ability, which we already knew. No big deal. Calm down.
Actually neither the CIA nor the NSA have a remit for domestic spying, that's the FBI's job.

Problem is that it is ever more difficult to prevent these agencies from doing domestic work and catching them at it.

Risk is that these agencies, with cyber exploits, are much more able to scale their activities both horizontally and vertically against domestic targets.

This is how turn-key surveillance becomes available to a potentially despotic administration.