WikiLeaks Claims CIA Is Developing Zero-Day Exploits And Malware For iOS
According to a series of documents released by WikiLeaks, CIA has a dedicated hacking unit working within its Center for Cyber Intelligence(CCI), which is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.
The group has published over 8,000 documents regarding the dedicated unit within the CIA's Center for Cyber Intelligence. Most of the released documents focused on not only developing, but also obtaining, malware, including zero-day exploits, for a variety of devices and platforms.
A report also claims that most of the malware and exploits are centered around iOS devices, due to their popularity "among social, political, diplomatic and business elites".
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and ex-filtrate data from iPhones and other Apple products running iOS. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
WikiLeaks says that the information became known, because the CIA recently "lost control" of most the malware used to attack iPhones and iPads. Thus, this information is passed around between former U.S. government hackers and contractors, all unauthorized.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
According to the leaked documents, CIA also has other teams working on various devices. In addition to the unit focused on iOS exploits, the CIA also have teams working on attacking Samsung smart TVs, the Android platform, and Windows. The goal in some of these instances is also to turn these devices into "covert microphones". WikiLeaks claims that the hacking unit is operating at such a scale that it is effectively a second NSA.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
The BBC has also reported that some of the iOS malware allows "the agency to see a target's location, activate their device's camera and microphone, and read text communications".
Finally, Will Strafach (@chronic, "iOS hacker, infosec") has replied to a tweet from 9to6Mac saying that there is "no evidence of working iOS malware yet", but says that he is digging through the papers published by WikiLeaks to discern more.
— Will Strafach (@chronic) March 7, 2017
Edward Snowden has also tweeted that the leak could be real as the code names are real and would only be known by a cleared insider.
What makes this look real?
Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them.
— Edward Snowden (@Snowden) March 7, 2017