WikiLeaks has released new information on CIA programs aimed at monitoring Apple device owners. Has the CIA redirected iPhone shipments to its own facilities to infect them with spyware?
For many readers of the latest data dump from the controversial website WikiLeaks, two surprising facts stood out:
- The CIA has been hacking iPhones, MacBooks and other Apple products for a decade
- To install the malware, the CIA requires physical access to “factory fresh” machines. WikiLeaks suggests this is done by redirecting Apple’s supply chain through the CIA’s own facilities
What has the CIA been up to?
According to the documents, the CIA’s Embedded Development Branch (EDB) implants malware called NightSkies 1.2, a “beacon/loader/implant tool” that apparently allows the CIA to “gain persistence” (spy) on the device. Notably, this program has been in use since 2008. WikiLeaks also describes a project called “Sonic Screwdriver”, which allows spies to remotely hack a Mac computer from a USB accessory plugged into the machine. The release also contains details of other malware products with striking names such as “DarkSeaSkies”, “DarkMatter”, “SeaPea”, “Triton”, “Dark Mallet” and “DerStarke”.
How is the malware installed?
According to the CIA documents, NightSkies 1.2 is physically installed by a CIA operative on “factory fresh iPhones”, or handsets that users haven’t yet interacted with.
The two key words here are “physically” and “factory fresh”. The malware cannot be installed remotely, which means the CIA agent needs to get their hands on their target’s phone to install the program. This brings to mind a Hollywood-style manoeuvre where the operative would somehow pickpocket the target, install the malware with a USB, and return it to the unsuspecting iPhone owner who will never realise they’re being tracked.
However, as the iPhone needs to be “factory fresh”, WikiLeaks believes it’s possible the CIA has redirected iPhone shipments to install the tool. The organisation wrote:
“While CIA assets are sometimes used to physically infect systems in the custody of a target, it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise”.
This raises two questions, neither of which is answered in the WikiLeaks documents:
- Is the CIA infecting Apple products en masse, or is it only intercepting, infecting and re-sending specific phones that have been ordered via mail by persons of interest?
- Does the CIA visit the factory floors of Apple’s suppliers to install the malware?
Has Apple responded?
Yes. Apple has released a statement pointing out that nearly 80 per cent of the vulnerabilities exploited by the CIA have already been fixed with security patches (years ago in some cases) and added that it “will continue work to rapidly address any identified vulnerabilities.”
In its statement, Apple did not directly condemn the CIA for interfering with its products, choosing instead to distance itself from WikiLeaks:
“We have not negotiated with WikiLeaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”
In other procurement news this week…
London Mourns Victims of Westminster Attack
- Thousands of Londoners gathered in central London to honour the victims of Tuesday’s terrorist attack
- On 22 March, Khalid Masood drove into pedestrians on Westminster Bridge before crashing his rented four-wheel drive into a fence outside parliament
- He attacked two police officers as he tried to enter the building, fatally stabbing Keith Palmer before he was shot. Five people, including the attacker, died, and at least 50 people have been injured.
- On Thursday evening, a candlelit vigil was held in Trafalgar Square. In what was a moving tribute to those affected, the Mayor of London, Sadiq Khan, addressed the crowd to much applause and a minute of silence was observed.
Read more on BBC
Avian Influenza resurfaces in Asia
- An outbreak of H7N9 avian flu that has been described as the worst in seven years is dramatically impacting the poultry industry across China, Japan and South Korea.
- The outbreak has been linked to over 140 human deaths in China in January and February, along with enormous stock culls including 30 million chickens in South Korea alone.
- Chinese poultry imports are expected to grow by 10%.
Read more on the Wall Street Journal.
Starbucks announces aggressive expansion plans
- Starbucks will open 12,000 new cafes globally by 2021, including 3,00 new stores in the U.S.
- The new stores will require a workforce of 240,000, with the company planning to hire 25,000 military veterans and military spouses.
- Starbucks has also announced it would hire 10,000 refugees in response to Donald Trump’s executive order calling for an immigration ban.
Read more on MarketWatch.