Apple does not address the real problem of how vulnerable its products are today after declaring that the latest CIA hacking documents release by WikiLeaks are outdated.
Apple reached out to TechCrunch on Thursday to declare that the WikiLeaks Vault 7 Dark Matter archives, which in part details how the CIA installed a tracking beacon named NightSkies in factory-fresh iPhones as far back as 2008, was outdated.
The burning question that is not addressed is how far has the CIA hacking methods progressed since 2008, and what capabilities does the spy agency have now?
In other words how vulnerable are Apple products to CIA infiltration today, nine years after the fact, and was Apple complicit in working with the CIA to install the NightSkies tracking beacon in its factory-fresh iPhones?
We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.
How does Apple define “harm” in the above statement? How about “theft?” One can still spy one someone without stealing, and harm can have a whole range of connotations.
To give Apple the benefit of the doubt, it may have contracts with certain government agencies that do not allow the tech giant to disclose certain information as it may present a conflict of interests.
WikiLeaks reached out to major tech companies including Apple, Microsoft, Google, and Mozilla with an offer to provide information about cybersecurity vulnerabilities that could be exploited by intelligence agencies like the CIA.
Not all of the companies responded immediately, but one WikiLeaks tweet gave the reason, “Most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies.”
On the other hand, Apple’s vague language in its statement to TechCrunch gives no mention that it is working to block CIA hacking infiltration.
According to WikiLeaks, the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
Furthermore, WikiLeaks uncovered the CIA hacking project “Sonic Screwdriver” — an infector that specifically attacked Apple’s Macintosh computers.
Sonic Screwdriver was a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled,” according to the Vault 7 Dark Matter archive.
Just because the information may be “outdated” doesn’t make it any less true. The CIA will continue to invent new ways to spy on whomever it wants and by any means it can. It is an animal all to itself that answers to nobody.
Even former President Harry Truman said the creation of the CIA was a mistake and that “those fellows in the CIA don’t just report on wars and the like, they go out and make their own, and there’s nobody to keep track of what they’re up to.”
Not all wars require bombs, troops, or guns.
The real issue that Apple hasn’t addressed is how vulnerable its products are to CIA hacking, and whether or not it has private contracts that prevent it from disclosing how close its relationship is with intelligence agencies.