
For example, Sonic Screwdriver can be used to boot into a Linux live CD so that the MacBook's partitions and data can be accessed from outside macOS, the manual says.

More importantly, an adapter modified by Sonic Screwdriver can be used to execute Der Starke, a fileless macOS malware program that has a persistence component installed in the computer's EFI (Extensible Firmware Interface). The EFI or UEFI is the low-level firmware that initiates and configures the computer's hardware components before starting the actual operating system. It is the modern equivalent of the BIOS.

An EFI implant, or rootkit, can inject malicious code inside the operating system's kernel during the boot process and will survive even if the OS is fully reinstalled or the hard disk drive is changed.

Der Starke is described in another CIA document that was leaked Thursday as "a diskless, EFI-persistent version of Triton," which is "an automated implant for Mac OS X" - spying malware that can steal data and send it to a remote server.

An older implant, and possibly Der Starke's precursor, is described in a document from 2009 for MacBook Air computers under the codename DarkSeaSkies. It too has an EFI persistence module and includes a user-space module codenamed Nightskies.

What's interesting about Nightskies is that it was ported to the MacBook Air from a version for iPhones. According to WikiLeaks, the iPhone version of Nightskies is designed to be physically installed onto factory fresh phones. This suggests that the CIA is compromising the supply chain and is potentially intercepting and infecting electronic device shipments before they reach the final buyer.
