Apple iPhone and MacBook users are usually least concerned of privacy, thanks to the end-to-end protected OS which doesn't even require anti-virus software. But the real question is whether these locked-down electronics devices are well-protected. The latest revelation has a contrary argument.
WikiLeaks released new documents on Thursday where it is clear that CIA used some iPhone and Mac exploits, which target Apple's firmware, to gain sneaky access. But Apple has stepped in to confirm that users have no reason to be worried as those exploits have long been fixed.
In a detailed statement responding to WikiLeaks' latest revelation, Apple confirmed that only the iPhone 3G variant was affected by the said vulnerability, but the company fixed it in 2009 with the release of iPhone 3GS. As for the Mac exploits, Apple said that they were fixed in all Macs launched after 2013.
"We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users," Apple said in a statement to TechCrunch.
Besides the fact that freshly-leaked CIA docs detail old hacking methods, which have been fixed for years now, a CIA agent would need to gain physical access to the device to execute them. WikiLeaks documents explain the various methods used by the American spy agency, which include a tool called "Sonic Screwdriver."
Sonic Screwdriver has the ability to hijack an Apple computer during the boot process even when it is protected with a password. It uses peripheral devices like USB sticks and adapters to carry out attacks. The Vault 7 documents also show that CIA had been using infectors such as "Dark Mallet" and its EFI-persistent version "DerStarke" to as late as 2013. Other documents show that CIA is working on DerStarke 2.0.
Another exploit revealed by WikiLeaks is called "NightSkies," which was used by CIA to infect iPhones at the supply chain on target devices since at least 2008.
This clearly shows that spy agencies are constantly on the lookout for new means to gain access to electronics devices. So what can end-users do to maintain their privacy? Romain Dillet of TechCrunch has some clear pointers to stay protected.
- Ensure your iOS devices are up to date as new software often come with patches to fill any loopholes.
- Using a strong passcode can go a long way. Use an alphanumeric code with at least six charecters.
- Do not hand over your iOS device to strangers, which can potentially allow them to install custom firmware without your knowledge.
It's better to be safe than sorry.