WikiLeaks: CIA hacked Apple devices in ways users can't fix

NEW YORK -- New documents from WikiLeaks point to an apparent CIA program to hack Apple's iPhones and Mac computers using techniques users couldn't disable by resetting their devices.

Security experts said the exploits are plausible but suggest they pose little threat to typical users. They said many of the tricks are older -- the iPhone hack involves the 3G model from 2008, for instance.

The techniques also typically require physical access to devices, something the CIA would use only for targeted individuals.

"The most notable part of this latest WikiLeaks release is that it shows the CIA doing exactly what we pay them to -- exploit specific targets with limited attacks to support our national interests," said Rich Mogull, CEO of the security research firm Securosis.

Apple didn't respond to a request for comment.

The CIA has not commented on the authenticity of this and earlier WikiLeaks revelations but previously has said it complies with a legal prohibition against electronic surveillance "targeting individuals here at home, including our fellow Americans." The agency declined further comment Thursday.

The leaks Thursday come about two weeks after WikiLeaks published thousands of alleged CIA documents describing hacking tools it said the government employed to break into computers, mobile phones and even smart TVs from companies such as Apple, Google, Microsoft and Samsung.

The latest disclosures are much more focused and consist of just 12 documents, all involving Apple products.

The documents describe techniques for rewriting devices' firmware in ways that would maintain a hacker's access even if a user resets a phone or computer to factory settings.

Doing so wipes out all apps and the operating system and installs a clean version; it is an extreme measure sometimes used to deal with technical problems but is also the sort of step someone suspicious of surveillance might take when getting a brand-new phone.

A December 2008 document describes "NightSkies," a tool apparently designed to target the iPhone 3G; the document claims it can retrieve files such as contact lists and call logs and execute other commands. WikiLeaks suggested in a news release the "CIA has been infecting the iPhone supply chain of its targets since at least 2008."

But the document describes only how to install the malware on a "factory fresh" version of the 3G -- specifically, the iPhone 3G running the 2.1 version of Apple's operating system, both of which are nine years old.