So you thought that by owning a Mac and various hipster Apple devices you were totally safe from hacking? Well, think again. Our friends at the CIA have come up with some interesting ways of gaining access to your Apple computers and Apple AirPorts. Our computers have to exchange data; it’s fundamental to how we communicate these days. You’d probably expect that, with the exchanging of personal and private information, this data would be perfectly secure, and companies and mathematicians do make efforts towards this goal. According to WikiLeaks and the CIA, the Apple AirPort Express secures its communications using a key-exchange technique called “Diffie-Hellman”. For those of you reading this and thinking “What on earth is a key exchange?”, the idea is actually fairly simple. Say, for example, I wanted to send you a message scrambled by sliding each letter of the alphabet up by one letter, and I wanted to let you know the “key” (the key being 1). If I was in public, simply yelling the key would defeat the purpose of the code. What we want is a secure method of letting each other know how to decrypt each other’s messages. Back in 1976 the mathematicians Whitfield Diffie and Martin Hellman came up with the incredible idea of exchanging data without third parties knowing the key. The idea being that I come up with two prime numbers and you come up with two prime numbers, then we each swap one prime, do some maths and, hey presto! We both know the key and we only shared two unrelated numbers. Great, eh?
Interestingly enough, the actual algorithm for this key exchange isn’t insecure; what is bad is how the algorithm has been implemented on certain devices. So, back to Apple. It seems to me that the way the key exchange has been implemented on the Apple AirPort the CIA were testing has not kept the private key so private. Initially, they found the data where the devices establish the private key and exchange the two numbers; this part has to be unencrypted so both machines know what is going on, of course. What was interesting is that when the CIA went into the file system of the AirPort, they found that the device stores the private key used for the encryption of messages later on. So what does this mean? Well, it allows the data the AirPort exchanges with devices, which is supposed to be encrypted and secure, to be reverse engineered. So not so secure after all, I guess. The main objective of this attack is to gain administrator access to the AirPort by installing something called a rootkit, which is essentially a set of tools that gives a hacker hidden, privileged access to a target device. That is worrying, as the Apple AirPorts most often come with a device that backs up all your Apple devices, so all your information, including previously deleted files, would be fair game. So what does this mean for you and me? Funnily enough, not too much. I wouldn’t be quaking in my boots, as this sort of attack is usually a little long-winded for a hack of one person, especially in the early stages of developing the attack method; but if you are a large or medium-sized company or a state, I’d totally be concerned right now. Once the CIA learns how to make the attack simple enough to program it, then I’d be worried.
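To make the key-exchange idea above and the stored-private-key problem concrete, here is a small Python demonstration I’ve added (it is not from the WikiLeaks documents or from any Apple code). It uses the textbook form of Diffie-Hellman, where both sides share a prime and a generator and each keeps its own secret exponent; the prime, generator and secret values are constructed for illustration and are far too small for real use.

```python
# Added example: textbook Diffie-Hellman, plus a check showing why a device
# that writes its private value to disk gives the whole exchange away.
import secrets

# Shared public parameters (constructed for this demo; too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 5            # generator


def keypair(private=None, p=P, g=G):
    """Pick a secret exponent (or use the one given) and return (private, public)."""
    if private is None:
        private = secrets.randbelow(p - 2) + 1   # 1 <= private <= p - 2
    return private, pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """Both sides compute the same value: g^(a*b) mod p."""
    return pow(their_public, my_private, p)


def exchange(a_private=None, b_private=None):
    """One exchange between A (think: the AirPort) and B (a client).

    Returns A's key, B's key, A's private exponent, and the transcript a
    passive observer on the network could capture: p, g and both public values.
    """
    a, pub_a = keypair(a_private)
    b, pub_b = keypair(b_private)
    transcript = {"p": P, "g": G, "A": pub_a, "B": pub_b}
    return shared_secret(pub_b, a), shared_secret(pub_a, b), a, transcript


def key_from_transcript_and_leaked_private(transcript, leaked_a):
    """The failure mode in the post: the transcript alone is harmless, but the
    transcript plus A's stored private exponent reproduces the session key."""
    return shared_secret(transcript["B"], leaked_a, transcript["p"])


if __name__ == "__main__":
    key_a, key_b, a, transcript = exchange()
    # The only values ever sent are p, g, A and B; `a` should stay ephemeral.
    print("keys agree:", key_a == key_b)
    print("leaked private reproduces key:",
          key_from_transcript_and_leaked_private(transcript, a) == key_a)
```

The takeaway for anyone building such a device is that the private exponent should live only in memory for the lifetime of the session and never be written to the file system.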
So let’s go through some of the other quick Apple hacks the CIA have been up to. These ones are pretty short and sweet due to the lack of info on them, but they are terrifying nonetheless. Project SnowyOwl: as cute as that sounds, I can assure you that this owl has fangs. We actually get very little information about this project other than a brief description, but the idea is that the project is about planting some software on the target’s device and running a protocol called “SSH”, which is a secure method of controlling the target’s computer via the device’s command line. At least it’s secure, I guess… This essentially allows for remote control of a lot of functions on the target’s computer, and access to files, all done remotely. You may be wondering where all the iOS hacks the CIA has are, and why I’ve not even touched on iOS at all. The truth is that, in all the reading through the documentation I did, most of what I could find is the CIA attempting to reverse engineer iOS or to exploit the kernel of the device, which is somewhat the secretary of the operating system, in a way. If you want a list of the attacks that are specific to the topic of iOS, link here. Having said that, if you are on iOS 10.2, please update to the latest version, 10.3, as it fixes several vulnerabilities and bugs; plenty of the attacks in Vault 7 for iOS no longer work on the more up-to-date versions of iOS and iPhones.
There are a couple of other attacks, but they aren’t as interesting as the ones I’ve covered and, to be honest, they aren’t significant. So if you want more information you can head over to the WikiLeaks articles on the subject, if you can understand them. Last week I covered the CIA attack “Weeping Angel”, so check that out if you enjoyed this one.