Washington - WikiLeaks claimed Thursday that the CIA had found a way
to intercept and hack into Apple iPhones just a year after the company's
smartphone hit the market. The group also claimed that the CIA was able to
infect Mac computers. But it's very unlikely that your iPhone or Mac was
affected, experts say.
Apple said that its preliminary assessment of the
WikiLeaks documents show that the "alleged iPhone vulnerability affected
iPhone 3G only and was fixed in 2009 when iPhone 3GS was released." The
company also said that the alleged Mac exploits described by WikiLeaks were
fixed in all Macs launched after 2013.
The CIA referred The Post to an earlier statement that
declined to comment on the accuracy of the WikiLeaks information, but denounced
disclosures "designed to damage the Intelligence Community's ability to
protect America against terrorists and other adversaries."
The documents offer a rare glimpse into the world of
modern espionage, said Jeff Pollard, a security and risk analyst at Forrester
Research. For Apple and other companies, he said, it also shows that it's very
difficult to secure their products all the way from their factories to their
customers.
"The most concerning part of this is that it
highlights that it doesn't matter how secure you keep a device," he said.
"You have to understand that there could also be something that gets
delivered to you in a device that you purchased."
Read also: Who wants multiple iPhone personalities?
According to WikiLeaks, the documents allege that, as far
back as 2008, the CIA was able to install software on iPhones before they were
shipped to their intended owners. There's no evidence of tampering done at
Apple's factories, experts said. The documents also purportedly show that the
CIA found a way to install software on Macs that could not be removed, even if
a user were to reinstall their operating system. There is a specific mention of
the CIA trying to intercept a laptop that it knew was being given to someone as
a gift to plant its malware. Both methods require physical access to the
devices.
There is no evidence in the documents that the CIA used
these methods on a broad scale.
Experts who examined the documents said there is little
chance that the average consumer - particularly in the United States, given the
CIA's foreign focus - would have been affected by these attacks, said Will
Strafach, a noted iPhone security expert and co-founder of Verify.ly, a mobile
app intelligence service. It's also unlikely that anyone could look at these
documents now and design a similar hack, he said.
"It's too old. And even if it wasn't too old, it
requires you to get to a device that is en route to somebody specific," he
said.
The release of these documents follow a similar
disclosure from WikiLeaks earlier this month, which allegedly outlined a suite
of hacking tools used by the CIA that target smartphones, cars and televisions.
The group has said that it will work with technology companies to help patch
flaws exploited by the CIA's hacking tools, but offered few details on how such
a partnership would work, Reuters reported.
Apple said that it has not "negotiated with
WikiLeaks for any information" and has instructed the organization to
submit information though its normal processes. "Thus far, we have not
received any information from them that isn't in the public domain," the
company's statement said. "We are tireless defenders of our users'
security and privacy, but we do not condone theft or coordinate with those that
threaten to harm our users."