A new series of leaked documents appears to show tools from as far back as 2009 that could infect Apple products. They required physical access.
Armed with a fresh set of leaked documents, WikiLeaks said Thursday that the US Central Intelligence Agency has developed tools to infect Apple products like iPhones and MacBooks.
The tools, which date from between 2009 and 2013, are unlikely to affect current Apple hardware. They show a spy agency attempting to crack into some of the most locked-down consumer electronics devices available, using hacking methods that require the agency to directly access the products.
CNET is unable to verify whether the documents are real or have been altered.
In a press release, WikiLeaks said it’s “likely” the CIA accessed Apple products and infected them “by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.”
The CIA responded by reiterating a statement from earlier in March, declining to comment on the authenticity of the documents. In that earlier incident, WikiLeaks issued leaked documents revealing a cache of hacking tools that targeted the operating systems of popular phones and PCs, as well as a hacking tool for a Samsung SmartTV that required physical access.
“It is CIA’s job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad,” the agency said. “America deserves nothing less.”
Apple didn’t respond to a request for comment on Thursday’s leaked documents.
The tools target Apple’s firmware, which is software that runs permanently on electronics to handle fundamental processes.
One tool revealed on Thursday, dubbed “Sonic Screwdriver” in the alleged CIA documents, could infect MacBook firmware through the Thunderbolt port. The approach takes advantage of a flaw similar to a problem described by security researcher Trammell Hudson in 2015. They developed a hacking tool they dubbed “Thunderstrike 2” that infected MacBook firmware through the Thunderbolt port based on the flaw, which Apple patched in 2015.
Another tool described in the cache sought to infect iPhones as early as 2008, WikiLeaks said in its press release. The tool had been developed to version “1.2,” the organization noted, suggesting that “the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”
Regarding the tools revealed by WikiLeaks on Thursday, Hudson wrote on his blog that “they are all fairly old and probably don’t reflect the state of the art for the CIA Operations Group.”