Not even Mac can resist CIA’s charms, according to new Wikileaks documents


Wikileaks released a new section from the Vault 7 documentation and it is now clearly evident that the Central Intelligence Agency had a special approach to dealing with Mac devices.

With physical access alone, the Agency could spy on your laptop; they most likely could tap your phone as well.

“The EFI is what orchestrates the entire boot sequence. If you change something before that, you’re controlling everything. It becomes part of your computer. There’s no way of knowing that it’s there, and also hardly any way to get rid of it,” says Karsten Nohl, the founder of Security Research Labs, speaking to Wired.

Since physical access is not always possible, the CIA created tools that rise to the challenge. “Sonic Screwdriver” is the name for a Thunderbolt cable with modified firmware, but the hacker can also install a tool called “DerStarke” in the firmware and use it to install another tool, called “Triton”. By doing so, the tool can feed user data to the hacker and open up a world of possibilities for spying on the target.

Formatting the hard drive will do no good, since “Triton” will be deleted only temporarily, until the next restart of the system.

This particular tool does not work on newer MacBook devices, since they are now protected from these and similar attacks. It raises the question, however, of why the agency has not restocked its arsenal with different tools. To be fair, Wikileaks did say that they will not release information on hacks that the companies have not yet mended. Soon after this information came to light, Intel presented an EFI tool that enables users to check if their computer is infected.
