New WikiLeaks docs show how the CIA hacks iPhones and MacBooks


For years, the CIA has been developing tools for hacking into Apple products — and thanks to WikiLeaks, those tools are now public. Today, the group published a new set of documents dubbed “Dark Matter,” part of the ongoing Vault 7 publication on CIA hacking tools. Today’s documents focus specifically on Apple products, detailing the CIA’s methods for breaking into MacBooks and iPhones.

Most of the documents are more than seven years old, putting them significantly out of sync with the company’s current products, but they show a persistent effort to find and exploit weaknesses in Apple products. One tool, called “Sonic Screwdriver,” was used to infect MacBooks through a USB or Thunderbolt port, presumably deployed when the CIA has physical access to a device. Other implants install themselves in the computer’s firmware interface, making them undetectable through conventional forensic techniques.

The agency seems to have had a harder time with the early versions of the iPhone. Only one of the tools targets the phone, a so-called “beacon” tool designed to be installed on an intercepted phone before purchase.

Given how old the bugs are, it’s unlikely any of them would be effective against contemporary Apple products, although it’s likely the CIA has developed similar capabilities to target today’s MacBooks. WikiLeaks has pledged to disclose all the Vault 7 vulnerabilities to the relevant companies for patching, but the group has been slow to fulfill that promise, reportedly requiring a series of conditions before the bugs can be disclosed.

Reached by The Verge, Apple denied any negotiations with WikiLeaks and emphasized that contemporary products are not vulnerable to the attacks. The company’s statement is reproduced in full below:

We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

Update 9:13PM ET: Updated with statement from Apple.