Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones

[FloatingFatMan]

1 hour ago, FunkyMike said:

I am not a dev. The most that I do is tinker with AMD/Intel drivers and editing EFI roms to unlock switchable graphics options on laptops but from experience Intel Management Engine never gets updated by follow up BIOS updates of the original ODM.

 

Also Intel ME isn't opensource.

Intel ME also isn't used in an iPhone...

[FunkyMike]

3 minutes ago, FloatingFatMan said:

Intel ME also isn't used in an iPhone...

And you were not talking about iPhones when I replied.

 

 

Yet if we are talking about Iphones .. they also have exploits that are found and that get used:

 

6 hours ago, FloatingFatMan said:

Considering how much these devices get hacked, software such as this would have been discovered years ago by one of said hackers.

http://www.timesofisrael.com/fbi-contract-a-strong-sign-fbi-used-israeli-tech-to-crack-san-bernardino-iphone/

 

 

 

[FloatingFatMan]

1 minute ago, FunkyMike said:

And you were not talking about iPhones when I replied.

The whole topic is about iPhones.  My comment was merely expressing to Mir that I'm experienced in developing for embedded systems, which phone are but one example of.

 

1 minute ago, FunkyMike said:

Yet if we are talking about Iphones .. they also have exploits that are found and that get used:

 

http://www.timesofisrael.com/fbi-contract-a-strong-sign-fbi-used-israeli-tech-to-crack-san-bernardino-iphone/

 

And? Sure, these devices have exploits in them, which is not what this article is about. It's about the CIA secretly hiding backdoor software inside the phones which essentially gives them full access, and yet no one so far has found any signs of it in the devices.  

 

Sure, software can be embedded in the OS and even in the radio stack below the level of the OS itself, but the chances of it being undiscovered by now are zero. Especially as, to work as claimed and upload files from the phones to an online location, far more than just the phone would have to have been compromised to remain undetected.

 

[FunkyMike]

2 minutes ago, FloatingFatMan said:

And? Sure, these devices have exploits in them, which is not what this article is about. It's about the CIA secretly hiding backdoor software inside the phones which essentially gives them full access, and yet no one so far has found any signs of it in the devices.  

 

Have we both been reading the same article here?

 

Quote

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

Where does it mention that the CIA has been hiding backdoor software inside all iphones?

[FloatingFatMan]

... Well, there's your OP for a start...

[FunkyMike]

17 minutes ago, FloatingFatMan said:

... Well, there's your OP for a start...

Yes I am quoting my OP. The quoted line ^^ was from Wikileaks. No mention of what you claim.

 

 

On 23/03/2017 at 3:27 PM, FunkyMike said:

A new WikiLeaks Vault 7 leak titled “Dark Matter” claims that the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008 through suppliers.  The documents are expected to be released after a 10 a.m. EDT “press briefing” that WikiLeaks promoted on its Twitter.

 

^^ This line is from the ZH article . Can you please point out to me where they claim what you imply:

 

25 minutes ago, FloatingFatMan said:

Sure, these devices have exploits in them, which is not what this article is about. It's about the CIA secretly hiding backdoor software inside the phones which essentially gives them full access, and yet no one so far has found any signs of it in the devices.  

 

Sure, software can be embedded in the OS and even in the radio stack below the level of the OS itself, but the chances of it being undiscovered by now are zero. Especially as, to work as claimed and upload files from the phones to an online location, far more than just the phone would have to have been compromised to remain undetected.

I think you have misread the article.

 

 

 

This article at no point mentioned that all Iphones are infected by the CIA.

 

Edit: This article should not have ended up in the Conspiracy section. 

Yes it was posted via ZH (not a tech site) prior to the article that went up on the Front Site news section but I still see no reason why this article was "demoted" into what has now become the "Derogatory section" of the forum.

Edited March 24, 2017 by FunkyMike
Edit comment

[exotoxic]

Probably only ever been used 1 or 2 times.

[FunkyMike]

1 minute ago, exotoxic said:

Probably only ever been used 1 or 2 times.

And I very much doubt that Terrorists are the types that post their Iphone debugging experiences online.

[+Mirumir Subscriber¹]

3 hours ago, FloatingFatMan said:

You mentioned the entire production chain being compromised. That's EVERYTHING from the hardware in the cell tower, to the hardware at the telco provider's many sites, much of which is designed and manufactured in China.   Almost none of this hardware is designed in the US, you know.

How so?

 

Intel, AMD, Qualcomm, Apple are all U.S.-based chip design companies.

 

As you know, the current generation of CPU's sport billions of transistors. Creating a special set of transistors and embedding a hidden malware on the hardware level is a very easy task in this day and age.

[FunkyMike]

So whats up @FloatingFatMan will you admit that you misread the article and didn't apologise?

 

- Made a smudged statement that implied that everyone who found this to be obvious has a vested interest in rubbishing the US intel services. 

 

Then went on to belittle @Mirumir

 

 

7 hours ago, FloatingFatMan said:

And yet, help from a third party was needed after Apple refused to grant law enforcement access to an iPhone owned by a murder suspect... Ooookaaaaaaaayyyy...  Why would that have been necessary if there's a backdoor installed?

 

And the "conspiracy" just gets bigger and bigger and bigger.  Have you any idea how utterly impossible it is for a single government agency to control a GLOBAL manufacturing process for thousands of bits of equipment, most of which is made in nations the CIA wouldn't have a hope of controlling, such as  China?  Are you really that far detached from reality?

 

And you really don't have a clue how software development works, do you?

IF this software exists, one of the many anti-establishment hackers that regularly hack the iPhone WOULD have found it. You cannot hide something like this once it's in the public domain.

 

I don't need to know how intelligence agencies work. I'm a software developer, I've been one for over 30 years and I have plenty of experience in reverse engineering. I know for a fact that you cannot hide software like this from prying eyes once it's in the public domain.

 

Nope. Not at all. Part of my 30 years programming was spent on embedded systems, included some military hardware way back in the late 80's/early 90's.  

 

There are too many points in the chain where this software would have been discovered.

 

Part of this is Vanity .. part of this is simply not reading the initial article and crying wolf. 

 

 

Quote

 

Where's the proof, please? Too many people are too quick to believe anything Wikileaks publishes. I require verified and corroborated PROOF.  If this software exists in iOS, it would be pretty easy to prove it.

 

Wikileaks has a very good record (if not spotless record) of publishing info.

 

[Joni_78]

7 hours ago, Skiver said:

I'll move it back when someone from the CIA or Apple confirms it. I'm not here to debate whether this is true or not, what I choose to believe or not is irrelevant to the fact that this is nothing more than a rumour.

What? Neowin is filled with unconfirmed rumours about Apple/MS, hardware or whatever, these are newer moved to it's a conspiracy.

[Skiver Veteran]

3 minutes ago, Joni_78 said:

What? Neowin is filled with unconfirmed rumours about Apple/MS, hardware or whatever, these are newer moved to it's a conspiracy.

 

 

A tech rumour is very different to a rumour regarding alleged CIA spying.

 

 

 

[Joni_78]

1 minute ago, Skiver said:

A tech rumour is very different to a rumour regarding alleged CIA spying.

 

 

 

True. A rumour alleging that CIA is into spying business does sound really far-fetched.

[FloatingFatMan]

26 minutes ago, FunkyMike said:

 

So whats up @FloatingFatMan will you admit that you misread the article and didn't apologise?

 

- Made a smudged statement that implied that everyone who found this to be obvious has a vested interest in rubbishing the US intel services. 

 

Our discussion was focussed on the iPhone part of the allegation.

 

Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

 

IF such a thing was happening, they have to be infecting them at the point of manufacture, ie: in China at the Foxcon factory, and IF they'd been doing this, it would  have been noticed by now.

 

Sure, it's possible to inject such software, but not without it being detected by anyone that knows what they're doing, and a LOT of people work rather hard to hack iPhones.

 

 

26 minutes ago, FunkyMike said:

Then went on to belittle @Mirumir

Because he was making ridiculous claims that the entire manufacturing chain, from phone manufacturer, to cell tower hardware, to telco provider, was compromised and in on it. It's the only way the additional data usage would go unnoticed by anyone paying attention, and a LOT of people pay attention to unknown data usage these days.

 

 

[Skiver Veteran]

Just now, Joni_78 said:

True. A rumour alleging that CIA is into spying business does sound really far-fetched.

 

You can keep twisting my words as much as you want but I've made this point over and over. Until the CIA or Apple confirm this, it is not fact, therefore I believe to be fully within the meaning of the word conspiracy. 

 

This has nothing to do with the likelihood of this being true or not which is what I believe some people seem to be getting hung up on. By moving it here I am not stating this is untrue, I am not offering out tin foil hats to those who believe this to be true.

 

Quote

Conspiracy - A secret plan by a group to do something unlawful or harmful.

 

Intel releasing a new CPU and the details being leaked is not a secret plan by a group to do something unlawful or harmful.

 

 

 

 

 

 

 

[FunkyMike]

3 minutes ago, FloatingFatMan said:

Our discussion was focussed on the iPhone part of the allegation.

 

You were clearly under the assumption that all iPhones were compromised. You state this over the course of 2 pages.

 

8 hours ago, FloatingFatMan said:

And yet, help from a third party was needed after Apple refused to grant law enforcement access to an iPhone owned by a murder suspect... Ooookaaaaaaaayyyy...  Why would that have been necessary if there's a backdoor installed?

 

This was your very first post. Why would the (in this case FBI) need access to a murder suspects iphone (in this case the Bernardino iPhone) if a backdoor was installed.

 

This assumes that all IPhones have this backdoor. False. The article didn't state this. You did not read the article.

 

8 hours ago, FloatingFatMan said:

Considering how much these devices get hacked, software such as this would have been discovered years ago by one of said hackers.  Has it been so?  Have any third parties verified WikiLeaks claims so far?

Obvious to whom? Those with a vested interest in rubbishing the US intelligence services, perhaps? Okay.

 

Where's the proof, please? Too many people are too quick to believe anything Wikileaks publishes. I require verified and corroborated PROOF.  If this software exists in iOS, it would be pretty easy to prove it.

 

 

Again the article doesn't mention anything about all Iphones having a CIA backdoor. It merely talks about the tools the CIA uses on a target prior to the target receiving his device.

 

1 hour ago, FunkyMike said:

Have we both been reading the same article here?

 

Where does it mention that the CIA has been hiding backdoor software inside all iphones?

 

1 hour ago, FloatingFatMan said:

... Well, there's your OP for a start...

Again. Point out to me where the original article makes your assumption.

 

Whilst Mirumir was indeed broad with his comments about the manufacturing supply chain also having the potential to be compromised (since cases like that have existed) you were still quite harsh.

[nekrosoft13]

8 hours ago, Skiver said:

I'll move it back when someone from the CIA or Apple confirms it. I'm not here to debate whether this is true or not, what I choose to believe or not is irrelevant to the fact that this is nothing more than a rumour.

haha, neither will ever confirm it

[TheGodOfKratos]

9 hours ago, FloatingFatMan said:

Considering how much these devices get hacked, software such as this would have been discovered years ago by one of said hackers.  Has it been so?  Have any third parties verified WikiLeaks claims so far?

Obvious to whom? Those with a vested interest in rubbishing the US intelligence services, perhaps? Okay.

 

Where's the proof, please? Too many people are too quick to believe anything Wikileaks publishes. I require verified and corroborated PROOF.  If this software exists in iOS, it would be pretty easy to prove it.

 

 

How many WikiLeaks articles have been published that were false? You mean the Edward Snowden leaks? At this point in the surveillance "game" its pretty damn easy to believe this is being done given our governments track record.

[+Mirumir Subscriber¹]

On 3/24/2017 at 8:07 PM, FloatingFatMan said:

Because he was making ridiculous claims that the entire manufacturing chain, from phone manufacturer, to cell tower hardware, to telco provider, was compromised and in on it. It's the only way the additional data usage would go unnoticed by anyone paying attention, and a LOT of people pay attention to unknown data usage these days.

Who says this type of data would be visible to an end-user to begin with? Do you think the engineers who designed this global GSM/GPS surveillance system working at Pentagon were stupid? Of course not.

 

However, it appears they made a few human errors after all. 

 

Quote

It has been revealed that virtually all Intel processors that launched in the past decade have a significant chip-level security flaw that could result in certain content - which could include passwords - in protected kernel memory being accessed by malicious code

 

https://www.neowin.net/news/security-flaw-patch-for-intel-cpus-could-result-in-a-huge-performance-hit

 

 

 

[Buttus]

The very first line of the post says "the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008 through suppliers"

 

i think that means that they have the ability to bug them, and if somehow they knew one was being shipped to, say Putin or Kim Jong-Un, or maybe some top level mafia boss, they could sneak in the software and hopefully they wouldn't have a team of hackers tear it down to search for spyware.

 

but not every phone has it installed, because it would have easily been found by now

[FloatingFatMan]

59 minutes ago, Mirumir said:

Who says this type of data would be visible to an end-user to begin with? Do you think the engineers who designed this global GSM/GPS surveillance system working at Pentagon were stupid? Of course not.

I used to field test new mobile phones for Acer and a few other OEMs. I know the subject considerably better than you do, Mir.

 

The traffic cannot be completely hidden without co-operation from -every- point in the chain. And even then, radio stacks for Android and iPhones have been reverse engineered many times. I've even done it myself.  Such a thing would have been found if it were in every phone.

[StrikedOut]

 

On 3/24/2017 at 3:20 PM, FunkyMike said:

Where does it mention that the CIA has been hiding backdoor software inside all iphones?

Fist line of the OP.

On 3/23/2017 at 2:27 PM, FunkyMike said:

A new WikiLeaks Vault 7 leak titled “Dark Matter” claims that the Central Intelligence Agency has been bugging “factory fresh” iPhones since at least 2008 through suppliers. 

If it wasn't the intention of the OP the state the CIA have been bugging iPhones for a decade, I'm sure you can appreciate why it has been taken that way.

 

Edit - The Neowin article is much clearer - https://www.neowin.net/news/new-vault-7-leaks-show-cia-can-install-persistent-malware-on-os-x-and-ios-devices

[Peresvet]

Quote

 

ECHELON, originally a secret government code name, is a surveillance program (signals intelligence/SIGINT collection and analysis network) operated by the US with the aid of four other signatory nations to the UKUSA Security Agreement:Australia, Canada, New Zealand and the United Kingdom, also known as the Five Eyes.

 

The ECHELON program was created in the late 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and it was formally established in 1971.

 

By the end of the 20th century, the system referred to as "ECHELON" had evolved beyond its military and diplomatic origins to also become "…a global system for the interception of private and commercial communications" (mass surveillance and industrial espionage).

 

https://en.m.wikipedia.org/wiki/ECHELON