WikiLeaks’ CIA Vault 7 Documents Reveals Know-How Of Covert Hacking Operation For Mac Devices

Mar 23, 2017 06:03 PM EDT

WikiLeaks have been in the eye of the storm for a long time now, having made its mark by releasing documents of government wires to the masses which certainly riled more than just a few feathers. This time around, we have a whole new batch of CIA "Vault 7" documents which have been published already. This second batch of such documents point to the tricks of the trade employed by the CIA in penetrating different kinds of Mac hardware. While that might sound scary, none of these happen to be that alarming, since the published penetration methods do not imply to be accompanied by wide-reaching consequences, as they all need some sort of physical device access before implementation.

Skies and everything dark
The second batch of “Vault 7” documents is definitely not as large as the first. This time around, it focuses on plenty of Apple hardware, with a handful of macOS vulnerabilities as well as attack vectors that make use of the EFI routines which happen to control the boot process. "DarkSeaSkies" is used to target the MacBook Air, where it will make use of an EFI injection that is known as "DarkMatter". This will result in the installation of a "SeaPea" kernel attack, whereas "NightSkies" happens to be a piece of malware and keylogging combination.

The DarkSeaSkies package will be delivered via a "Sonic Screwdriver" which comes in the form of either a USB flash drive or modified Thunderbolt to Ethernet adapter. DarkSeaSkies will take advantage of a Thunderbolt exploit has since been patched a couple of years back after its discovery in 2014, so there is not much to worry about.

The iPhone is not immune, either
What is interesting to note is the fact that the CIA had already begun to look for ways to hack into the iPhone just a year after it has been released. This was confirmed by an offshoot of "NightSkies", which also happens to be available for the iPhone back in 2008. The “NightSkies” variant is installed through "interdicting mail orders and other shipments", but at the very least, this is not a remote attack of any kind.

OS X Mavericks could be vulnerable
Something that is far more recent would be OS X Mavericks, where the "DerStarke" package might actually be used to break into OS X Mavericks when it was still being developed. This particular package continues to target the EFI compromise, but it certainly does not seem to be that potent as the "SeaPea" vector which does a pretty good job at targeting the MacBook Air.

Do take note that the EFI exploits continue to remain after a reboot, due to a self-reinstallation process post reboot if left unmitigated. An Apple firmware update would do the trick when it comes to a permanent resolution. However, this will not be the case if someone has physical access to the machine to perform a reinfection.

So far, it seems, that the CIA's Center for Cyber Intelligence (CCI) group has targeted over 10,000 individuals around the world with a myriad of devices: iOS, Windows, and Android falling under their “umbrella”, smart TVs included.