Sonic Screwdriver - Trammell Hudson's Projects
<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Collection of my projects and hacks."> <link rel="canonical" href="https://trmm.net/Sonic_Screwdriver/"> <link rel="icon" href="../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.4.2, mkdocs-material-9.0.6"> <meta property="og:title" content="Sonic Screwdriver"> <meta property="og:site_name" content="Trammell Hudson's Projects"> <meta property="og:url" content="https://trmm.net/Sonic_Screwdriver/"> <meta property="og:description" content="Collection of my projects and hacks."> <meta property="og:image" content="https://trmm.net/images/logo.png"> <title>Sonic Screwdriver - Trammell Hudson's Projects</title> <link rel="stylesheet" href="../assets/stylesheets/main.558e4712.min.css"> <link rel="stylesheet" href="../assets/stylesheets/palette.2505c338.min.css"> <!-- Load fonts from Google --> <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin /> <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=IBM+Plex+Serif:300,400,400i,700%7CIBM+Plex+Sans:500,600,700%7CIBM+Plex+Mono&display=fallback" /> <style> body, input { font-family: "IBM Plex Serif", "Helvetica Neue", Helvetica, Arial, sans-serif; } pre, code, kbd { font-family: "IBM Plex Mono", "Courier New", Courier, monospace; } h1, h2, h3, h4, h5, h6 { font-family: "IBM Plex Sans", sans-serif; font-weight: 700 !important; } </style> <link rel="stylesheet" href="../extra.css"> <script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> </head> <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="black" 
data-md-color-accent="purple"> <div class="md-container" data-md-component="container"> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset">
<h1>Sonic Screwdriver</h1>
<p><a href="https://www.flickr.com/photos/osr/16141424095/lightbox"><img src="https://live.staticflickr.com/8576/16141424095_796c0b57cb_b.jpg" srcset="https://live.staticflickr.com/8576/16141424095_796c0b57cb_b.jpg 1024w, https://live.staticflickr.com/8576/16141424095_796c0b57cb.jpg 400w" /></a></p>
<p>Some quick thoughts after reviewing some of the <a href="https://wikileaks.org/vault7/darkmatter/">"Dark Matter" vault7 documents on wikileaks</a>, with the caveat that these documents are all fairly old and almost certainly don't reflect the state of the art. The <a href="https://wikileaks.org/vault7/darkmatter/document/SonicScrewdriver_1p0/">Sonic Screwdriver</a> attracted my attention since many reports compared it to <a href="/Thundestrike">Thunderstrike</a>: they both use the Apple Thunderbolt gigabit ethernet adapter and store their code in its Option ROM.
However, Sonic Screwdriver predates Thunderstrike 1 by at least a year, and based on the dates I am assuming they saw <a href="http://ho.ax/posts/2012/07/black-hat-usa-2012/">snare's 2012 Black Hat presentation</a> and then took six months to weaponize and package it for use.</p>
<h3 id="sonic-screwdriver">Sonic Screwdriver</h3>
<p><a href="https://www.flickr.com/photos/osr/19763201053/lightbox"><img src="https://live.staticflickr.com/281/19763201053_512d2abef8_b.jpg" srcset="https://live.staticflickr.com/281/19763201053_512d2abef8_b.jpg 1024w, https://live.staticflickr.com/281/19763201053_512d2abef8.jpg 400w" /></a> The functionality of Sonic Screwdriver appears to be at the same level as <a href="https://media.blackhat.com/bh-us-12/Briefings/Loukas_K/BH_US_12_LoukasK_De_Mysteriis_Dom_Jobsivs_Slides.pdf">presented in snare's slides</a> -- the Option ROM code is loaded before firmware passwords are checked, which allows it to bypass this password and boot from an alternate media device with a more extensive exploit, but it does not have any flash-level persistence. Based on the documentation, as far as I can tell it does not carry any payload of its own:</p>
<blockquote> <p>The intended CONOP for Sonic Screwdriver is to be able to install EDG/AED tools on a Mac even if a firmware password was enabled.</p> </blockquote>
<!-- snare was recently hired to work at Apple, so he probably can't comment. My collaborators Xeno and Corey were hired there almost immediately after our Thunderstrike 2 talk at BH and DefCon as well... 
-->
<p><a href="https://www.flickr.com/photos/osr/16115630616/lightbox"><img src="https://live.staticflickr.com/7496/16115630616_1aa5c8174f_b.jpg" srcset="https://live.staticflickr.com/7496/16115630616_1aa5c8174f_b.jpg 1024w, https://live.staticflickr.com/7496/16115630616_1aa5c8174f.jpg 400w" /></a> The key contribution of Thunderstrike over snare's work was that it allowed a proximate attacker to use the Thunderbolt adapter to overwrite the motherboard boot flash, which provided better persistence than a <code>boot.efi</code> implant on the hard drive. The specific vulnerability that it used in Apple's firmware update routine was closed as part of the software update that coincided with my <a href="/Thunderstrike_31c3">31C3 presentation</a>. <a href="/Thunderstrike_2">Thunderstrike 2</a> found additional vulnerabilities and added software-only attacks that allowed the flash to be unlocked from software and also added a viral mode in which new Thunderbolt devices would be infected. Most of the vulnerabilities that allowed the Thunderbolt device to write to the boot flash were closed as part of a coordinated disclosure prior to <a href="/Thunderstrike2_details">BH2015</a>. Note that neither Sonic Screwdriver, snare's rootkit, nor any of the Thunderstrike vulnerabilities used DMA over PCIe.</p>
<p><a href="https://www.flickr.com/photos/osr/20196149558/lightbox"><img src="https://live.staticflickr.com/545/20196149558_46eb3961f1_b.jpg" srcset="https://live.staticflickr.com/545/20196149558_46eb3961f1_b.jpg 1024w, https://live.staticflickr.com/545/20196149558_46eb3961f1.jpg 400w" /></a> Apple did not disable Option ROMs after snare's 2012 talk, nor after either of the Thunderstrike talks. Even though the vulnerabilities that allowed flash writes from the Option ROM were closed by Apple, it was still possible to use the code in the Option ROM to bypass or reset firmware passwords, change boot devices, etc.
Apple finally added an option to disable them for good in December 2015, as noted by <a href="https://twitter.com/XenoKovah/status/809412466375438336">Xeno in this tweet</a> (<a href="https://twitter.com/XenoKovah/status/809416573140074497">crediting snare and our work</a>). This is what the security community had been asking for since 2012 and can now be set <a href="https://twitter.com/XenoKovah/status/809418554428657666">via the command line</a>:</p>
<pre>
sudo firmwarepasswd -setpasswd -setmode command
</pre>
<h3 id="darkseaskies">DarkSeaSkies</h3>
<p>It does appear that the DarkSeaSkies implant was firmware based, but only for certain MacBook hardware models. I'm not sure what technique it used to install itself. It targeted much older machines, which might have had firmware vulnerabilities -- the MacBook 1,1 is also supported by coreboot, which makes me think it had an easily rewritable firmware. However, I do not have any deep insight into why that one was targeted.</p>
<p>The <a href="https://wikileaks.org/vault7/darkmatter/document/DarkSeaSkies_1_0_URD/">User Requirements Document</a> for it has this fascinating quote:</p>
<blockquote> <p>COG has a time-sensitive operational need for a porting of the current version of Nightskies to a MacBook Air. Currently this exists for an iPhone (See Requirement 2008-1508). COG has the opportunity to gift a MacBook Air to a target that will be implanted with this tool.</p> </blockquote>
<p>Since these documents all predate Thunderstrike and Thunderstrike 2, it is not known if the CIA has adapted any of the techniques to new implants.
Physical access to the system, as implied in this quote, would allow significantly more tampering, possibly even overriding <a href="/Bootguard">Bootguard</a> protections (through CPU replacement or other hardware modifications).</p>
<h3 id="external-links">External links</h3>
<ul>
<li><a href="http://www.pcworld.com/article/3184435/security/wikileaks-documents-show-cias-mac-and-iphone-compromises.html">Newly leaked documents show low-level CIA Mac and iPhone hacks</a>, Lucian Constantin (PC World)</li>
<li><a href="https://motherboard.vice.com/en_us/article/wikileaks-new-dump-shows-how-cia-allegedly-hacked-macs-and-iphones-almost-a-decade-ago">Internet Insecurity WikiLeaks’ New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago</a>, Lorenzo Franceschi-Bicchierai (Motherboard)</li>
<li><a href="https://techcrunch.com/2017/03/23/wikileaks-releases-new-cia-documents-describing-mac-exploits/">WikiLeaks releases new CIA documents describing Mac exploits</a>, Romain Dillet (TechCrunch)</li>
<li><a href="https://arstechnica.com/security/2017/03/new-wikileaks-dump-the-cia-built-thunderbolt-exploit-implants-to-target-macs/">New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs</a>, Sean Gallagher (Ars Technica)</li>
</ul>
<p><a href="/Category:2017"><span style='color:white; background-color:red'>2017</span></a> <a href="/Category:Security"><span style='color:white; background-color:red'>Security</span></a></p>
<hr>
<div class="md-source-file"> <small> Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 8, 2020</span> </small> </div>
</article> </div> </div> </main> </div> </body> </html>