date 2017-03-23
WikiLeaks' New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago (vice.com)
WikiLeaks said on Thursday morning it will release new documents it claims are from the Central Intelligence Agency which show the CIA had the capability to bug iPhones and Macs even if their operating systems have been deleted and replaced. From a report on Motherboard: "These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," WikiLeaks stated in a press release. EFI and UEFI are the core firmware for Macs, the Mac equivalent to the BIOS for PCs. By targeting the UEFI, hackers can compromise Macs and the infection persists even after the operating system is re-installed. The documents are mostly from last decade, except a couple that are dated 2012 and 2013. While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways to hack and compromise Macs, according to Pedro Vilaca, a security researcher who's been studying Apple computers for years. Judging from the documents, Vilaca told Motherboard in an online chat, it "looks like CIA were very early adopters of attacks on EFI."
Nothing like good old BIOS and hardware jumpers
I've always transposed UEFI to UFIA in my mind. Now I know why.
So UEFI is now a Mac only thing, huh?
It was 10 years ago
;)
Though as far as I know Apple uses EFI
The management unit in all Intel processors
It seems to me that having a chip, the management unit, in all Intel processors that sits above even a hypervisor and can read all memory, have its own connection to the network, runs Java code, and is software reprogrammable, is basically the wet dream of root kits. It's invisible to anything you run on the CPU but sees all and tells all.
For a little background on the management engine:
http://hackaday.com/2016/11/28... [hackaday.com]
For remote management of OS startup/shutdown and system monitoring and it's effectively a small separate computer. I don't think consumer machines have this installed. Unless I'm getting confused about what you're referring to.
nope, it's in every core processor chipset.
Eh, no. UEFI implementations have been "hacked"* several times but AFAIK there is no instance of the security processor being tampered with.
(* back in the days we used to assume that access to hardware == access to the computer, it's just that hardware/software makes that much harder to do than before)
And now maybe we'll know why ...
And now maybe we'll know why it's been so hard for Open Source developers to get information on writing their own against-the-metal drivers for telephony radios and startup modules (BIOS, EFI/UEFI, etc.)
It has long been suspected that was not just proprietary info-walling, but to reduce chances of discovery of backdoors and persistent threats imposed in the name of spying.
So, it's not only the Russians that hack, huh!
Prior to this, I'd have thought America and especially its government agencies do not hack.
I guess I was wrong. What troubles me is that the media only talked about the Russians, yet the act was taking place in our backyard!
Question: Will the media put both the left and right to task?
Prior to this, I'd have thought America and especially its government agencies do not hack.
Why would you have thought that? Spying has been going on since pretty much the dawn of time. It's what spy agencies do, and hacking computers is one way that they do it. Being surprised that the CIA does hacking is like being surprised that the Army shoots people.
I guess I was wrong. What troubles me is that the media only talked about the Russians, yet the act was taking place in our backyard!
What makes you think this spying was taking place in our backyard? The fact that the CIA was installing spyware doesn't mean that the CIA was installing spyware on the property of US citizens. (it doesn't mean they weren't, either -- but as a
The fact that the CIA was installing spyware doesn't mean that the CIA was installing spyware on the property of US citizens.
Do I smell naivety here?
No you apparently just have bad reading comprehension or are trying to take stuff out of context just to be a cock sucking prick. Either way you're part of the problem.
Yeah, well, when it comes to the CIA/DEA/FBI/etc it is pretty naive to believe they are bound by any 'laws'
>CIA
>matter of law
Choose one.
Ahem, I don't know about what they're installing on US home computers but where communication is concerned I know at least three ways around the legal limitations without the need to ask for a warrant and
(no tails support [boum.org] though, argh)
Too bad you can't get to the UEFI / BIOS menus on a Mac to be able to change boot keys.
This even made it into an episode of "Person of Interest" during its last season - although in that case I believe it was a criminal syndicate adding code to the EFI before the computers were shipped. Oh wait, I guess it was exactly the same after all!