Latest in Gear

Image credit: MacFormat Magazine

WikiLeaks: CIA has all sorts of tools for hacking your 2008-era Mac (updated)

One uses a modified Ethernet adapter to install surveillance software.

Sponsored Links

MacFormat Magazine

One of Apple's big talking points is that Macs don't get viruses and that they're relatively safe when compared to Windows PCs. Well, WikiLeaks would like you to reconsider that notion with more info about Vault 7. The organization's latest dump is a handful of documents from the Central Intelligence Agency that detail, among other things, how the agency can infect a MacBook Air during its boot cycle via a modified Thunderbolt-to-Ethernet adapter. With "Sonic Screwdriver," the CIA's monitoring tools are stored on the dongle and the machine can be infected even if it's password protected. Considering how dongle dependent the new MacBooks are, this sort of exploit becomes even more worrying.

Next on the list is a project called "Dark Matter" which is an umbrella for a handful of other spying initiatives. Perhaps most troubling is that these infections can persist even if you reinstall OS X. Then there's "NightSkies 1.2" which, as of 2008, was used to infect brand new iPhone 3Gs.

"While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization's supply chain, including by interdicting mail orders and other shipments (opening, infecting and resending) leaving the United States or otherwise," WikiLeaks writes.

So, the CIA could intercept iPhone orders, put malware on them and then make sure the devices got to a target. WikiLeaks also notes that despite some of the comparatively ancient dates on the documents, it appears the CIA continues using and updating at least a few of them.

We've reached out to Apple for more information and will update this post should it arrive. In the case of the intercepted iPhones, there isn't much you can do (you've probably upgraded by now, and also are unlikely to be a target of CIA surveillance). But for everything else, just remember: Don't leave your laptop unattended in the open, and do not plug anything into your computer that was given to you by a stranger.

Update: Apple has responded, saying in a statement that it believes the security hole mentioned only affected the iPhone 3G, and was fixed in the follow-up iPhone 3GS model. Also, the Mac vulnerabilities mentioned were fixed in all Macs launched after 2013. Additionally, it says that WikiLeaks has not submitted any information to it under its standard terms.

In terms of the impact of these vulnerabilities, the Associated Press spoke to experts who explained how newer devices have technology that makes them harder to break into than an iPhone 3G. The addition of digital security certificates that can't be overwritten would make a warning pop up during setup of a compromised new device, while Thunderbolt revisions have made that hack harder to pull off.


We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr