WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits

[usarioclave]

Well, it's what I would do if I was charged with compromising iPhones: start at the source. The only question is, how do you activate the tap?

Maybe it's activated via the SIM card. That's the easiest, and probably least well-known control channel for outside access. Most code does't expect the soft underbelly to be doing much.

 

[lkrupp]

What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.

If the government has them they’re ALREADY in the wrong hands. What’s your point?

 

[Altis]

 

[iapplelove]

If the government has them they’re ALREADY in the wrong hands. What’s your point?

I think you knew my point. But if your goal was to be a smart ass great job

 

[supercoolmanchu]

If the government has them they’re ALREADY in the wrong hands. What’s your point?

But that's the big thing that's being ignored by the idiot press... the CIA effectively sidestepped the required oversight for even our 'secret' intelligence stuff. When the NSA has these same materials they are required to be treated as classified, as they are considered weaponized software, which is treated the same as other high level military grade items like nuclear subs, fighter jets, SEAL teams, etc. A civilain intelligence agency isn't allowed to have their own 'tools of warfare' at that scale. What's worse is the way they cheated this by labeling highly sensitive stuff as 'unclassified' to criminally avoid those oversights and protections, it foolishly made these a lot easier to get out into the wild.

The normal political partisan mouth breathers are too busy huddling around their teams, but this is a huge stain on the previous administration, and will be to the current one if it continues. Industrial sabotage on a massive level, and the economic damage to both US and foreign industry is almost unimaginable. This is a colossal **** up, and according to our own laws, is likely the single biggest criminal action of any US administration.

 

[diegogaja]

There hasn't been a single instance of Wikileaks providing false documents

You actually don't know that. And you are most likely wrong. Think of it like this: the govt CAN'T actually confirm or deny what Wikileaks puts out due to classification. You also don't know what Wikileaks is realeasing, holding back, editing, reframing, etc. Even releasing partial documents to frame the information in a certain way is a lie.

I'm not advocating trusting the govt blindly, just stating why it would be unwise to trust Wikileaks blindly.

Keep in mind, Wikileaks is actually breaking the law, jeopardizing the safety of US citizens and our servicemembers around the world, and making it more difficult for US agencies to do their jobs. Whether it's morally or ethically wrong is up for debate.

I know the argument will be that they are exposing these agencies "illegal" activities...however, there has not been any evidence of large scale, broad direct collection on US citizens...something that they are definitely capable of as evident in all of this information.

No one should be surprised by the capabilities of the agencies in these releases.

 

[Swift]

You actually don't know that. And you are most likely wrong. Think of it like this: the govt CAN'T actually confirm or deny what Wikileaks puts out due to classification. You also don't know what Wikileaks is realeasing, holding back, editing, reframing, etc. Even releasing partial documents to frame the information in a certain way is a lie.

I'm not advocating trusting the govt blindly, just stating why it would be unwise to trust Wikileaks blindly.

Keep in mind, Wikileaks is actually breaking the law, jeopardizing the safety of US citizens and our servicemembers around the world, and making it more difficult for US agencies to do their jobs. Whether it's morally or ethically wrong is up for debate.

I know the argument will be that they are exposing these agencies "illegal" activities...however, there has not been any evidence of large scale, broad direct collection on US citizens...something that they are definitely capable of as evident in all of this information.

No one should be surprised by the capabilities of the agencies in these releases.

This is nothing like the Snowden revelations. This is a toady working for Trump and Putin.

 

[ThunderSkunk]

So, for anyone interested in actual security in their company data, once again it looks like the solution is to keep your business machines strictly limited to a quarantined intranet, with no outside connectivity, and rely on either mobile devices or separate specific internet kiosks not on that intranet, containing no company info, for web access.

If a government wants to quash the internet as an open channel of free communication, this is an excellent way of doing it.

 

[antonis]

What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.

There are no 'right hands' in such matters.

 

[ISanych]

Keep in mind, Wikileaks is actually breaking the law

Which law they are breaking and why they have to obey this particular law of this particular country? Luckily US is not a world master yet and US laws only apply on US territory.

 

[usarioclave]

Whether you believe Wikileaks as a source is irrelevant. The documents are the documents, and you can (and should) validate them yourself. The messenger doesn't matter. You can question the messenger's motives, but you should separate the messenger from the message. For some people that's impossible to do, but that's their problem.

Overall, the described stuff seems consistent with efforts that any normal spy agency would be doing. Compromising every iPhone ever made to get to one suspect is extreme, but sometimes you have to go wholesale to go retail. And it'd be easier; why break encryption when you can just bypass it?

In any case, the Iphone tool (NightSkies) has docs on how to build a firmware image, so it's not AFAIK a factory-level exploit.

 

[AZ63]

How can I check my devices for this crapware? Apple should release a scan tool asap.

Ah, maybe the scan tool infects the device.

 

[doctor-don]

Track down the leakers and … OFF WITH THEIR HEADS!

 

[nt5672]

Well at least we now have a reasonable explanation about why the FBI backed off getting Apple to unlock the phones. They realized that another arm of the government already had back doors installed. At this point the NSA/CIA should just be shut down. They are no longer working in the best interest of the law abiding citizens of America.

Someone else posted that these leaks are against the law. I, for one, am grateful that government law breaking has need exposed. Technically, they are not against the law because they fall under the whistleblower statutes, which protect people exposing institutional law breaking (which this is regardless of how much the government protests).

That also does not mean that the government with its infinite power will not try to punish the whistleblower, but that just makes the government even less trustworthy. Unfortunately, the government can not get below zero percent trustworthy.

 

[MistrSynistr]

All of this assumes that:
1) Wikileaks information is accurate
2) Wikileaks is honest

Plenty of reason to doubt both these days.

And unless the supply chain is actually compromised, then physical access is required, and if someone has physical access to your advice, its as good as compromised, thats always been true.

Are you being serious? Every single thing they've ever put out is confirmed. lol.

Where do you people come from?

 

[nia820]

Whenever Russiagate heats up, Wikileaks releases news leaks. I firmly believe now that Wikileaks is in bed with the Russians.

 

[MistrSynistr]

[doublepost=1490294617][/doublepost]

There's only one reason to doubt Wikileaks... you're blinded by petty partisan politics and will swallow anything that makes your little party team feel better about themselves.

Their record for accurate information has been 100%, so you have to ignore their entire history to come up with a different conclusion.

Nice try though. Run along now.

This cracks me up. They are either Media Matters shills/agents (and there are many on forums) to spread disinfo or they are seriously that ignorant and for their "team" winning that they would participate in a nafarious, evil-minded narrative just to win.
[doublepost=1490294711][/doublepost]

Track down the leakers and … OFF WITH THEIR HEADS!

More like off with yours for being complacent with Elite scum, and promoting their agenda and bidding.

 

[centauratlas]

Yes. Physical security is #1. Without it, you're compromised.

I will post a good security guide I found:

https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md

Of course they also state "at the factory" so no amount of physical security can help when that happens.

 

[idunn]

My rule of thumb is that nothing electronic is safe . . .

unless—possibly—proven otherwise. Apple has been less than reassuring in this regard.

 

[smallcoffee]

Of course they also state "at the factory" so no amount of physical security can help when that happens.

Well yeah

 

[lostngone]

Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices.

The problem with this is they do not have a monopoly on this information. If they know of a exploit/bug there is a pretty good chance someone else does too. By not telling Apple and fixing the exploit they might be able to get what they want but they are also putting everyone else at risk as well.
[doublepost=1490296243][/doublepost]

And unless the supply chain is actually compromised,

You mean like Operation: DROPOUTJEEP
https://appadvice.com/appnn/2013/12...ntercept-iphone-communication-through-spyware

 

[RickInHouston]

This could be partly why Apple is motivated to build their own (ARM-based) CPUs — so that they can have a brand new system design that is not susceptible to known compromises. They could lock down the boot process by having full control over how everything works together. Combine that with technology like Touch ID and a system would not even boot at all without passing physical identity verification. This is generally how iOS devices work today, so Apple is bringing this to the Mac.

Give it a rest, already.

 

[konqerror]

I think it is a little different when you are talking about this situation, considering you need physical access to the device.

Also, I don't ever remember Apple saying that Macs were 100% secure for any attack. They did say that iPads don't get PC viruses though, which is true. Just like I don't get PC viruses.

The key is Apple is way behind the curve. And by way, I mean 10 years behind. Microsoft required all PCs to have secure boot for 3 years already, which defends against firmware and pre-boot attacks. Windows 10 uses the TPM to bind passwords and encryption keys to hardware. Meanwhile, Apple hasn't figured out anything past signed firmware updates, leading to a 2006 level of security. They have the technology: see iOS. They just haven't bothered to update the Mac.

 

[MH01]

Are you being serious? Every single thing they've ever put out is confirmed. lol.

Where do you people come from?

lol ..... some of our members live in a reality distortion field, and would have believed wiki leaks until they saw this, now wiki leaks is fake news just watch how many on here claim wiki leaks is not credible

 

[JamesPDX]

My rule of thumb is that nothing electronic is safe . . .

unless—possibly—proven otherwise. Apple has been less than reassuring in this regard.

Except an older hand-wired tube amp. Like a Marshall JCM 800. My Strat has no malware.