WikiLeaks documents show CIA struggling to crack Apple gear, little danger to everyday fol...

Posted in iPhone, edited March 2017
Despite the revelations that the CIA has its own device penetration department, including a section for Apple equipment, a closer look at the revealed data shows an agency struggling with the realities of modern surveillance and an increasingly sophisticated investigation target base.




Any penetration requires four major factors to be effective -- a vector of attack, a deployable payload compromising the system, invisibility, and exfiltration of gathered data. Failure of any of the four makes the effort pointless.

Initial review of documentation revealed in the WikiLeaks publication of the "Vault 7" program documents shows a CIA having problems with combining all four factors on the newest Apple gear and software at the same time.

14 iOS exploits, codenamed: WildTurkey, McNugget, et al

Under an assortment of code names, the CIA developed or purchased many exploits, running all the way to iOS 9.2 in the end of 2015 -- but the agency's own data reveals the ephemeral nature of the vectors.

Many are eradicated by a full reboot of the device. Others are purged by a restore.
While some are remote, they still need to be specially crafted. The target needs to be convinced to visit a compromised page, or the exploit needs to be installed in a trusted page somehow.

Older devices and devices running early versions of iOS remain exploitable. However, older devices stuck on iOS 5 or the latest batch left behind with iOS 9 will not likely see security patches.

AirPort -- project Harpy Eagle

The AirPort exploit effort remains relevant, despite the relative age of the leak. Apple's networking hardware hasn't been altered at all since the penetration efforts began, with only three firmware updates in nearly two years.

The Harpy Eagle documents show an extensive decompilation effort of Apple's code in order to "install a persistent rootkit into the flash storage" of the AirPort, as well as a close examination of the AirPort Utility on what was then OS X. Assuming the documents are relatively complete, the effort doesn't appear complete, with no fully functional or reliable exploits allowing the CIA to insert itself in a target's network through AirPort router hardware.

The effort appears partially stymied by not just Apple's security through firmware 7.7.3, but the custom codebase developed for the router -- the same thing that has historically prevented the gear from compromise through a variety of other exploits that have plagued router manufacturers recently.

Given that the data dump is primarily from the tail-end of 2015, progress has likely been made -- but Apple has released three updates in the same time frame. However, as demonstrated with exploits on other platforms, a new version of the AirPort firmware sets the agency back.

OS X Mavericks -- project DerStarke

The documents about penetrating the then-new Mavericks are perhaps the most telling of the batch. The worklog detailing DerStarke discusses EFI bootloader compromise, as well as a way to "inject into" the popular Internet traffic monitoring utility Little Snitch to prevent the target from spotting data transfer.

Once again, the documents express the difficulty of adjusting to a "moving target" after Apple's hardware and software updates.

It appears that the OS X/macOS tools are more advanced than those for iOS -- which makes sense, as the underpinning of OS X has been around since the turn of the century and OS X is far more open than iOS is.

Sensational, but of little actual impact

AppleInsider has yet to plow through all of the nearly 9000 multi-page documents released in just the first batch, and WikiLeaks promises there are more coming. Even going through the Apple-centric ones, the inescapable conclusion remains that while developing the Center for Cyber Intelligence in a less than transparent fashion, the CIA is fulfilling its role in the strange relationship that law enforcement has with Silicon Valley.

It is not Apple's, Google's or any other tech company's job to make penetrating their devices easier. As emphasized by testimony before the Senate Investigative Committee regarding the encryption debate in 2016, it is law enforcement's responsibility to build its own tool library for conducting investigations -- and this library is exactly what the "Vault 7" initiative planned.

Apple has since revealed that it has patched most of the CIA's exploits in iOS 10.

Whether or not the CIA violated an Obama-era prohibition on stock-piling so-called "zero-day" exploits is worth mentioning, but mostly irrelevant to users. For better or worse, the agency decided that keeping the exploits to themselves and using them as need-be would be "safer" for the American public.




They may be right. There is more "low-hanging fruit" for the criminal element to utilize. The CIA's exploits for more modern devices up through the end of 2015 require physical access to a device. The less global-scale criminal activities rely on Java or Flash "drive-by" exploits, which are significantly simpler and less costly to implement, to steal credentials or execute the new "ransomware"-styled attacks requiring a Bitcoin payment for a delivered encryption key.

The libraries are public -- so now what?

The CIA's mandate is to gather information on international persons of interest, primarily through human-gathered intelligence. The library dump is not contrary to that goal and advances the CIA's purpose -- and most importantly, there is no evidence that the agency used the tools illicitly against the U.S. public.

Regardless of the libraries going public, most AppleInsider readers don't need to worry about the libraries, other than from an ideological or political standpoint. Bar none, the CIA attacks are targeted, with nearly all of the "modern" ones for Apple equipment requiring physical access to equipment and a great deal of effort, and sometimes physical danger, to implement.

The larger danger is the fact that the exploit library is public, with some vectors of attack more well-known now. This doesn't make the attacks any easier to deploy, but it does widen the potential pool of people willing to use them.

None of the exploits are mass-deployable, or pose any significant mass-surveillance threat. It remains far easier in most cases for the CIA or other intelligence gathering or law enforcement agencies to collect location and call data for iPhone users from wireless carriers, and perform some old-school legwork to suss out information about a target.

Comments

  • Reply 1 of 44
    maestro64 Posts: 4,414 member

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government workers should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money than the fortune 500 companies.

    I would not count on the government not testing their exploits out on the general public, they have to do a proof of concept and prove they can hack into people's systems. It's not the fact they were listening and observing but what they did with the information. Then we have the FBI director come out and say Americans cannot expect to have privacy in the modern age; the above article is why.

    I am just glad Apple is on all of our sides at this point, and glad to hear Little Snitch may catch what our government is trying to do. I have used Little Snitch for many years and cannot tell you how many apps do things you have no idea what they are doing. I have Google totally blocked from reporting home what I do.

    edited March 2017
  • Reply 2 of 44
    wood1208 Posts: 1,759 member
    We need to strengthen USA's intelligence safeguards and punish by death (him/her and their family) if anyone from inside leaks any intelligence. Today, it may be silly information that CIA trying to create tools to hack iOS but tomorrow it can leak about the brave intelligence undercover agent's names which can put their life in harm's way, get killed.
    edited March 2017
  • Reply 3 of 44
    jSnively Posts: 326 administrator
    This is an important topic and conversation about it from all sides is more than warranted. Just be respectful to each other and please keep things on topic. If it gets out of hand we will close the thread.

  • Reply 4 of 44
    jungmark Posts: 6,626 member
    "It is not Apple's, Google's or any other tech company's job to make penetrating their devices easier."

    Correct. Anyone that says otherwise is a fool.
  • Reply 5 of 44
    Just the tip of the iceberg I'm afraid.
    The more IoT stuff we put into our homes, the greater the attack vector the bad guys have to aim at.
    Smart TV's, Light Bulbs, Fridges, Amazon and Google boxes used as voice assistants.... the list is growing and it is not only phones and computers.


  • Reply 6 of 44
    maestro64 said:

    Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials.

    That sounds great, but I'm not sure it's the best policy. Our city built a community college in the late 1960s using brick: the exterior of the future! Maintenance-free, right? Twenty-five years later, it started shedding them. So we had to blow the jack to have the bricks removed and the building shod in aluminum. Mayhap a higher bidder would have provided better value.
    edited March 2017
  • Reply 7 of 44
    mike1 Posts: 1,804 member
    maestro64 said:

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money they the fortune  500 companies.

    I would not count on the government not testing their exploits out on the general public, they have to do a proof of concept and prove they can hack into people systems. It not the fact they were listening and observing but what they did with the information. Then we have the FBI director come out and same American can not expect have privacy in the modern age, the above article is why.

    I just Glad Apple is on all of our sides at this point, and Glad to hear Little Snitch may catch what our government is trying to do. I have use little snitch for many years and can not tell you how many apps do things you have no idea what they are doing. I have google total blocked from reporting home what I do.  

    Your ideas are not the way to attract the best and the brightest to work for our government agencies. Hardly think an agency seal and a janitor pushing a broom to keep a work environment clean is a waste of government resources.
  • Reply 8 of 44
    jmgregory1 Posts: 451 member
    It's funny how many people are on both sides of the fence with regards to device data privacy.  We want the government to be able to listen to / watch / catch the "bad" guys before they do bad things.  But we also want to maintain our own privacy and ensure the government stays out of our "business".

    It's clear now that the government has enough issues maintaining their own data integrity in this day and age where global actors can have more ways to access "secure" data, let alone having things get passed the old fashioned way - by someone who has a beef with any particular agency or government.
  • Reply 9 of 44
    StrangeDays Posts: 6,508 member
    maestro64 said:

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money they the fortune  500 companies.

    Odd thing to take issue with, considering there isn't much remarkable about that floor photo. However I disagree with you on office space. If you built cheap dumps for government offices, guess what sort of staff you're going to build? A staff that is okay with working in a dump. I've worked both private and public, local and federal -- and I know first hand that good talent won't stick around if stuck in the basement or whatever you have in mind for them. As a manager I want a work space that is conducive to good work and retaining talent.
  • Reply 10 of 44
    StrangeDays Posts: 6,508 member

    wood1208 said:
    We need to strengthen USA's intelligence safeguards and punish by death(him/her and their family) if anyone from inside leak any intelligence. 
    Am I reading this right -- are you honestly suggesting we execute these document leakers and their families? That strikes me as absurd. Something N. Korea would do.
    edited March 2017
  • Reply 11 of 44
    Soli Posts: 8,461 member
    I hope this helps shine a light on the importance of Apple's HomeKit.
  • Reply 12 of 44
    wood1208 Posts: 1,759 member

    wood1208 said:
    We need to strengthen USA's intelligence safeguards and punish by death(him/her and their family) if anyone from inside leak any intelligence. 
    Am I reading this right -- are you honestly suggesting we execute these document leakers and their families? That strikes me as absurd. Something N. Korea would do.
    You or me are not defending USA and their people against all foreign and terrorist organization who constantly trying to find a way to hurt innocent Americans. My kids are born here but I am not born American but I love this country more than anyone to not allow anyone to harm Americans in any way, FBI or CIA has no intentions to harm normal/regular Americans because it's their duty to defend them. So, let them do their job if they hack my iPhone or android phone, long as they stay focus defending America/Americans..Our court system is so liberal that criminals get easy pass and stay out of prison and continue harming innocent Americans.
    edited March 2017
  • Reply 13 of 44
    Soli Posts: 8,461 member
    wood1208 said:
    We need to strengthen USA's intelligence safeguards and punish by death (him/her and their family) if anyone from inside leaks any intelligence. Today, it may be silly information that CIA trying to create tools to hack iOS but tomorrow it can leak about the brave intelligence undercover agent's names which can put their life in harm's way, get killed.
    You're equating whistleblowers to treason and wanting us to put our head in the sand when there are real security risks. Unfortunately, not enough people are proactive enough in protecting themselves from threats.

    We also see irrational outlets of fear. For example, people on this forum afraid that the Amazon Echo listening for the Alexa keyword means that it's recording everything, yet not once considering that their PC's microphone could be recording everything without their knowledge. Where is the logic in thinking that because Amazon says they listen for a keyword that it's any less secure than your PC, which you could've given admin rights via an app that is connected to your mic, camera, and display?

    Kill entire families? So the Geneva Convention or just any level of humanity is no longer a consideration? I don't want to live in that world.
  • Reply 14 of 44
    Soli Posts: 8,461 member
    wood1208 said:

    wood1208 said:
    We need to strengthen USA's intelligence safeguards and punish by death(him/her and their family) if anyone from inside leak any intelligence. 
    Am I reading this right -- are you honestly suggesting we execute these document leakers and their families? That strikes me as absurd. Something N. Korea would do.
    You or me are not defending USA and their people against all foreign and terrorist organization who constantly trying to find a way to hurt innocent Americans. My kids are born here but I am not born American but I love this country more than anyone to not allow anyone to harm Americans in any way, FBI or CIA has no intentions to harm normal/regular Americans because it's their duty to defend them. So, let them do their job if they hack my iPhone or android phone, long as they stay focus defending America/Americans..Our court system is so liberal that criminals get easy pass and stay out of prison and continue harming innocent Americans.
    Do you think that Apple should give them a backdoor? Do you think that spying on every American should be the norm?

    I don't, on both counts. If they want to try to find and exploit a flaw, then by all means go for it, but the same goes for heroic whistleblowers that reveal when a government is overstepping their authority, and I am shocked that you'd suggest that an entire genetic line of family members should be murdered in order to help an out of control government from losing its authorization rule over its people.
    edited March 2017
  • Reply 15 of 44
    firelock Posts: 119 member
    Why is anyone surprised that the CIA has developed tools to, well, spy on people? In fact I would be pretty upset if the CIA and NSA were not developing tools like this. This is no different than when the CIA developed tools to spy on other countries by rigging their photocopiers with cameras. 
  • Reply 16 of 44
    maestro64 Posts: 4,414 member
    mike1 said:
    maestro64 said:

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money they the fortune  500 companies.

    I would not count on the government not testing their exploits out on the general public, they have to do a proof of concept and prove they can hack into people systems. It not the fact they were listening and observing but what they did with the information. Then we have the FBI director come out and same American can not expect have privacy in the modern age, the above article is why.

    I just Glad Apple is on all of our sides at this point, and Glad to hear Little Snitch may catch what our government is trying to do. I have use little snitch for many years and can not tell you how many apps do things you have no idea what they are doing. I have google total blocked from reporting home what I do.  

    Your ideas are not the way to attract the best and the brightest to work for our government agencies. Hardly think an agency seal and a janitor pushing a broom to keep a work environment clean is a waste of government resources.

    You assume they are the best and the brightest, plus it is not about the building you work in, if  someone is working for the government they do because they feel they have civic duty. This is why the government employs over 3 million people today, they love all those perks and jobs for Life. Glad to see Trump trying to put an end to that.

    Also you know most companies are going to a very minimalist work environment, they been moving away from the fancy work spaces.

    edited March 2017
  • Reply 17 of 44
    Presently, in my estimation we have a proper and healthy race between our security apparatus and the technology companies. Apple is working fervently to protect us, our data and their well deserved reputation. Yet, ideally, Apple should and likely is, maintaining  a respectable distance just behind the bleeding edge lead, intelligence agencies are trying to hold against our adversaries. This balance is in everyone's interest. 
    So in Apple world ( normal user edition ) all is in balance, none of us have information worthy of national intelligence surveillance, and if we do, then we should expect oversight, by the FBI. And as long as our government is held to historically accepted Constitutional protections and exerts a benevolent leadership, now in question, then there will be nothing to be concerned about in that realm.
    Apple is both a valuable protector of our rights, a good corporate and planetary citizen and a valuable voice for our freedoms and liberty.
    They have an extremely difficult path to follow, but they are firmly on the side of truth, justice and security, by every metric I have seen.

    edited March 2017
  • Reply 18 of 44
    maestro64 said:

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money they the fortune  500 companies.

    I would not count on the government not testing their exploits out on the general public, they have to do a proof of concept and prove they can hack into people systems. It not the fact they were listening and observing but what they did with the information. Then we have the FBI director come out and same American can not expect have privacy in the modern age, the above article is why.

    I just Glad Apple is on all of our sides at this point, and Glad to hear Little Snitch may catch what our government is trying to do. I have use little snitch for many years and can not tell you how many apps do things you have no idea what they are doing. I have google total blocked from reporting home what I do.  

    Own a lot of tinfoil hats, do you?  I'm not surprised.

    The foot traffic that crosses that logo each day would destroy any lesser flooring material in 3 to 5 years, requiring replacement.  Lowest bidder for the same quality is one thing, choosing the lowest bidder using a lower quality build is quite another.  The current CIA facility was dedicated in Nov 1961 by then President Kennedy.  That would make CIA headquarters 56 years old this year.  Whatever it cost for those floors (and everything else in the building) back then, I'd say the US taxpayer has received good value for their money.
  • Reply 19 of 44
    paxman Posts: 4,589 member
    maestro64 said:

    First. our government should not be spending so much money making the floors look so pretty, and putting big logos in the floor. Government works should be working in spaces which were built by the lowest bidder with the cheapest available materials. The government is not a profit center so they should not be living like they make more money they the fortune  500 companies.

    Odd thing to take issue with, considering there isn't much remarkable about that floor photo. However I disagree with you on office space. If you built cheap dumps for government offices, guess what sort of staff you're going to build? A staff that is okay with working in a dump. I've worked both private and public, local and federal -- and I know first hand that good talent won't stick around if stuck in the basement or whatever you have in mind for them. As a manager I want a work space that is conducive to good work and retaining talent.
    More importantly - A Government is an institution that requires to be entrusted with a certain authority by its citizens to operate successfully. The fact that government seems to be losing this trust is a different story, but the reason why buildings that represent authority and leadership are usually monumental is very much part of the creation of the concept (or if you like, myth), of exactly that - authority and leadership. There is no such thing as government unless we all agree to entrust it with the task of running the country. Placing governmental bodies and workers in cheap shack like cowsheds at the edge of town would make it an awful lot harder to get the population behind the very idea of 'government'. You may not like the way your government conducts its business, but most people believe in governance and government in one form or another. 
  • Reply 20 of 44
    wiggin Posts: 2,265 member
    Soli said:
    wood1208 said:
    We need to strengthen USA's intelligence safeguards and punish by death (him/her and their family) if anyone from inside leaks any intelligence. Today, it may be silly information that CIA trying to create tools to hack iOS but tomorrow it can leak about the brave intelligence undercover agent's names which can put their life in harm's way, get killed.
    You're equating whistleblowers to treason and wanting us to put our head in the sand when there are real security risks. Unfortunately, not enough people are proactive enough in protecting themselves from threats.

    We also see irrational outlets of fear. For example, people on this forum afraid that the Amazon Echo listening for the Alexa keyword means that it's recording everything, yet not once considering that their PC's microphone could be recording everything without their knowledge. Where is the logic in thinking that because Amazon says they listen for a keyword that it's any less secure than your PC, which you could've given admin rights via an app that is connected to your mic, camera, and display?

    Kill entire families? So the Geneva Convention or just any level of humanity is no longer a consideration? I don't want to live in that world.

    I 100% agree with your response to the call for “punishment by death” statement of the original post which is clearly absurd. But I’d strongly contend that the release of these documents would not be considered whistleblowing (based on what we know so far).

    This AI article is one of the few that discuss this issue in a level-headed manner. Of course the CIA works on developing these tools! Anyone who would be surprised by this would also be surprised to learn that their local police department has jail cells (which could be used to wrongfully imprison you) and the fire department has axes (which they could attack you with). It’s their job to have these tools, and their responsibility to use them lawfully. And if they don’t, they need to be held accountable, which is where whistleblowing may come into the picture.

    As far as I’m aware, so far these documents fall into the “that’s their job” category and haven’t provided any evidence that they’ve been illegally deployed against US citizens. Of course, there are entities out there who love the FUD these “revelations” create even if they know that the facts are being grossly misrepresented/misunderstood.
