If you’re an Apple snob like me, I’m pretty sure you became concerned when Wikileaks published documents about the hacking tools the CIA used to sneak into Apple products. A person could not disable the tools even by resetting their phone.

But Apple has come out to assure customers that the company has fixed the vulnerabilities in its newer products.

Apple and CIA Respond

The company released this statement:

We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

The CIA did not comment on the authenticity of these documents. Instead, the spokesman told The Wall Street Journal that the “public should be deeply troubled by any WikiLeaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries.”

Um, okay bro.

The CIA Tools

The documents highlighted four projects the CIA used to hack into Apple products and spy on people.

Sonic Screwdriver

In this program, the CIA executed “code on peripheral devices while a Mac laptop or desktop is booting.” This works on any Mac laptop that has a Thunderbolt port. From The Daily Dot:

Once the components are ready to go, the steps for executing the attack are simple: plug the Ethernet adapter into a Thunderbolt port, plug in the media source of the boot file, and power on the machine.

Once that is complete, the user can commence their attack and infect the firmware with malware (see below).

Triton & Der Starke

Triton is the malware that The Daily Dot mentioned above. Once implemented, it can receive “files and folders from an infected computer.” It hides inside the computer, but “when triggered, compresses and encrypts the data from the hard drive and places it into an LP, or the URL of the script that the implant is speaking with.”

Der Starke is diskless and will not show up on your hard drive. As The Daily Dot describes, the malware “hides in plain sight as a browser process, so it would look like you are simply uploading something on the computer.” This means network monitors cannot pick it up.


DarkSeaSkies

This technique used three operations to work on MacBook Airs: DarkMatter, SeaPea, and NightSkies. Overall, the implant known as DarkSeaSkies “persists in the EFI firmware of an Apple MacBook Air computer, installs a Mac OSX 10.5 kernel-space implant and executes a user-space implant.” This is how the three tools worked:

This means that when working, the malware constantly monitors the target “while data is being extracted.” They used SeaPea “to hide the network” and NightSkies to send “traffic outside a network at regular intervals.”

Hackers, Security Experts Chime In

Apple hacker Dino Dai Zovi, who also works as chief technology officer at software security vendor Capsule8, told the Wall Street Journal that the CIA used techniques that required “physical access to Apple devices to be installed, meaning it is unlikely they affect a large number of individuals.”

A lot of these techniques are several years old and the CIA may not have updated them in the last eight years or so. But that does not mean a person should not take precautions. Change your passwords and keep them strong. Always update your operating system to install the latest security patches.

Refresher on the First Document Dump

This document dump comes a few weeks after Wikileaks published other CIA hacking documents. The most damning from those documents? That the CIA has malware from Russia and other countries, which allows the agency to hide its fingerprints on attacks. One branch developed “Weeping Angel” specifically for smart TVs “by transforming them into covert microphones.”

