Security

Wikileaks' 'Dark Matter' release reveals CIA efforts to infect the Mac

File photo - The logo of the U.S. Central Intelligence Agency is shown in the lobby of the CIA headquarters in Langley, Virginia March 3, 2005. (REUTERS/Jason Reed JIR)

File photo - The logo of the U.S. Central Intelligence Agency is shown in the lobby of the CIA headquarters in Langley, Virginia March 3, 2005. (REUTERS/Jason Reed JIR)

Wikileaks isn't done with its Vault 7 release of CIA hacking documents, which has already created quite a stir by outlining various exploits that the CIA created for a variety of platforms. While Wikileaks has not revealed sufficient detail to allow the exploits to be easily used by cybercriminals, it has pointed nefarious parties in the right directions.

Now, Wikileaks has released another bundle of documents, this time dubbed "Dark Matter." This time, the organization turned an eye to Apple's Mac, with a number of exploits that are both insidious and persistent, MacRumors reports.

The leak highlights a specific CIA program, "Sonic Screwdriver," that was created by the agency's innocuous-sounding Embedded Development Branch. The exploit uses infected USB drives to inject code that attacks a Mac while it's starting up and bypasses a user password to instead "boot its attack software." Allegedly, the code has even been installed to modified firmware on Apple's own Thunderbolt-Ethernet adapter.

Sonic Screwdriver isn't the only exploit contained in the Dark Matter leak:

"'DarkSeaSkies' is 'an implant that persists in the EFI firmware of an Apple MacBook Air computer' and consists of 'DarkMatter', 'SeaPea' and 'NightSkies', respectively EFI, kernel-space and user-space implants.

Documents on the 'Triton' MacOSX malware, its infector 'Dark Mallet' and its EFI-persistent version 'DerStake' are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0."

As MacRumors points out, Dark Matter also has iOS in its sights, with a number of iPhone-related exploits that are injected into target devices during the actual manufacturing process. These exploits have allegedly been underway since 2008, or soon after the iPhone was first released:

"While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."

You can check out the Wikileaks source documents here. We're likely to see additional leaks going forward, which, along with efforts to understand the documents that have already been leaked to date, will keep security analysts and the companies that make affected machines busy.