WikiLeaks publishes new documents on Mac hacking tools from the CIA's confidential "Vault 7" files


By Alexander Rentsch

WikiLeaks has been causing a stir by publishing "Vault 7", a collection of confidential CIA documents describing top-secret intelligence operations that hack automobiles and smart TVs. WikiLeaks has now released new Vault 7 documents, revealing the existence of a spy tool that allows the CIA to remotely monitor and transmit all activity on a Mac without being noticed.

WikiLeaks - Releases
https://wikileaks.org/vault7/darkmatter/releases/


New WikiLeaks Documents Describe Alleged Mac, iPhone Hacking Tools - WSJ
https://www.wsj.com/articles/new-wikileaks-documents-describe-alleged-mac-iphone-hacking-tools-1490307719

New WikiLeaks Vault 7 Dump Shows the CIA's Mac Firmware Attacks | WIRED
https://www.wired.com/2017/03/wikileaks-shows-cia-can-hack-macs-hidden-code/

The CIA's "Vault 7" documents describe modifying the firmware of Apple's "Thunderbolt - Gigabit Ethernet adapter" to turn it into a spyware-implanting tool called "Sonic Screwdriver". When the Sonic Screwdriver is plugged into a MacBook, it becomes possible, through the MacBook's EFI, to remotely monitor and transmit all actions occurring in the OS.

Karsten Nohl, the founder of the Security Research Lab and a famous firmware hacker, said: "EFI controls the entire boot sequence. EFI is part of the computer; there is no way to detect anything, and there is almost no way to remove it." The firmware implanted in the machine is called "DerStarke", and it is said to function as a virtually undetectable loader for "Triton", a malware tool that secretly relays machine information. By impersonating a web browser, Triton can relay machine information over a covert network data stream, and even if the machine's hard disk is removed, it can be reinstalled via the firmware the next time the machine starts up.

This attack requires physical access to the Mac's USB port or Thunderbolt port. The CIA is thought to attack targets at moments such as when the target is being detained by the police or when the Mac is handed over at a security checkpoint. Although the documents focus on the Mac, they also mention its use with physical access to the iPhone in 2008. However, the attack on the iPhone apparently did not work well, being described as "not having stealth and sustainability".

By M.p.3.

The tool described in the CIA's Vault 7 was made in 2013 and cannot be used on the latest Macs with the secure boot function enabled. However, WikiLeaks pointed out the existence of "DerStarke 2.0", which came into effect in 2016, and Thomas Reed, a Mac researcher at the anti-virus software company Malwarebytes, said, "It would be foolish not to think that the CIA has been updating to the latest version of the spy tool."

in Note, Software, Hardware, Posted by darkhorse_log