WikiLeaks Claims CIA Is Developing Zero-Day Exploits And Malware For iOS

WikiLeaks

According to a series of documents released by WikiLeaks, CIA has a dedicated hacking unit working within its Center for Cyber Intelligence(CCI), which is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.

The group has published over 8,000 documents regarding the dedicated unit within the CIA’s Center for Cyber Intelligence. Most of the released documents focused on not only developing, but also obtaining, malware, including zero-day exploits, for a variety of devices and platforms.

A report also claims that most of the malware and exploits are centered around iOS devices, due to their popularity “among social, political, diplomatic and business elites”.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and ex-filtrate data from iPhones and other Apple products running iOS. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

WikiLeaks says that the information became known, because the CIA recently “lost control” of most the malware used to attack iPhones and iPads. Thus, this information is passed around between former U.S. government hackers and contractors, all unauthorized.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

According to the leaked documents, CIA also has other teams working on various devices. In addition to the unit focused on iOS exploits, the CIA also have teams working on attacking Samsung smart TVs, the Android platform, and Windows. The goal in some of these instances is also to turn these devices into “covert microphones”. WikiLeaks claims that the hacking unit is operating at such a scale that it is effectively a second NSA.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.

The BBC has also reported that some of the iOS malware allows “the agency to see a target’s location, activate their device’s camera and microphone, and read text communications”.

Finally, Will Strafach (@chronic, “iOS hacker, infosec”) has replied to a tweet from 9to6Mac saying that there is “no evidence of working iOS malware yet”, but says that he is digging through the papers published by WikiLeaks to discern more.

https://twitter.com/chronic/status/839129526697410565

Edward Snowden has also tweeted that the leak could be real as the code names are real and would only be known by a cleared insider.

Source: [1][2][3]

Haridas Gowra Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesnโ€™t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Googleโ€™s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading