WikiLeaks says CIA knew how to hack iPhones in 2008 - but Apple says you shouldn’t worry
WikiLeaks claimed Thursday that the CIA had found a way to intercept and hack into Apple iPhones just a year after the company’s original smartphone hit the market. The group also claimed that the CIA was able to infect Mac computers.
But it’s very unlikely that your current iPhone or Mac was affected, experts say.
Apple said that its preliminary assessment of the WikiLeaks documents show that the “alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released.” The company also said that the alleged Mac exploits described by WikiLeaks were fixed in all Macs launched after 2013.
In response, the CIA referred to an earlier statement that declined to comment on the accuracy of the WikiLeaks information, but denounced disclosures “designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries.”
The documents offer a rare glimpse into the world of modern espionage, said Jeff Pollard, a security and risk analyst at Forrester Research. For Apple and other companies, he said, it also shows that it’s very difficult to secure their products all the way from their factories to their customers.
“The most concerning part of this is that it highlights that it doesn’t matter how secure you keep a device,” he said. “You have to understand that there could also be something that gets delivered to you in a device that you purchased.”
According to WikiLeaks, the documents allege that, as far back as 2008, the CIA was able to install software on iPhones before they were shipped to their intended owners. There’s no evidence of tampering done at Apple’s factories, experts said. The documents also purportedly show that the CIA found a way to install software on Macs that could not be removed, even if a user were to reinstall their operating system. There is a specific mention of the CIA trying to intercept a laptop that it knew was being given to someone as a gift to plant its malware. Both methods require physical access to the devices.
There is no evidence in the documents that the CIA used these methods on a broad scale.
Experts who examined the documents said there is little chance that the average consumer - particularly in the United States, given the CIA’s foreign focus - would have been affected by these attacks, said Will Strafach, a noted iPhone security expert and co-founder of Verify.ly, a mobile app intelligence service. It’s also unlikely that anyone could look at these documents now and design a similar hack, he said.
“It’s too old. And even if it wasn’t too old, it requires you to get to a device that is en route to somebody specific,” he said.
The release of these documents follow a similar disclosure from WikiLeaks earlier this month, which allegedly outlined a suite of hacking tools used by the CIA that target smartphones, cars and televisions. The group has said that it will work with technology companies to help patch flaws exploited by the CIA’s hacking tools, but offered few details on how such a partnership would work, Reuters reported.
Apple said that it has not “negotiated with WikiLeaks for any information” and has instructed the organization to submit information though its normal processes. “Thus far, we have not received any information from them that isn’t in the public domain,” the company’s statement said. “We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”