Within the past week, WikiLeaks have claimed that the CIA have been able to hack into two of Apple’s products, iPhones and Macs by using Sonic Screwdriver and NightSkies.
WikiLeaks said the “Sonic Screwdriver project (named after Doctor Who’s famous tool) which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.”
WikiLeaks also mentioned NightSkies 1.2, a tool specifically designed to target the iPhone 3G, and that it can retrieve files such as contact lists and call logs and execute other commands. According to WikiLeaks “NightSkies 1.2 a beacon/loader/implant tool for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.”
So if you are a user of either or both products should you be worried? Not according to Apple who has stated that the iPhone vulnerability relates to the iPhone 3G which was fixed in 2009 when they launched the iPhone 3GS and that the Mac vulnerabilities were fixed in all Macs launched after 2013. But to be on the safe side whenever Apple release new updates don’t wait to install them.