WikiLeaks released a bunch of documents this morning detailing the different types of tools the CIA (US intelligence agency) allegedly uses to spy on people through iOS, Android and smart devices (including TVs). How could this affect you?
If the WikiLeaks documents are legit (which looks likely), the CIA has been hoarding zero-day vulnerabilities and exploiting them for intelligence gathering. The problem is that the agency hasn't reported the vulnerabilities to anyone who could patch them in a timely manner, for obvious reasons, which means hackers and cyber criminals may potentially be using them for their own activities.
While the CIA operates within the US, there's also nothing stopping the agency from conducting covert operations abroad.
Depending on your level of paranoia, you may be worried that you're being spied on through your electronic devices. Based on the WikiLeaks documents, the CIA has 'weaponised' a number of zero-day vulnerabilities for a range of local and remote exploits. According to WikiLeaks:
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
… These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
Mind you, the methods by which the CIA could bypass the encryption on those chat apps remain unclear.
The CIA also developed tools to access Windows, OSX and Linux devices; Linux runs on a ton of internet-of-things (IoT) devices. Many of the exploits detailed are executed through the distribution of malware.
Samsung smart TVs were also called out as being usable to record conversations via malware called "Weeping Angel", which was developed in conjunction with the UK's MI5:
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
The WikiLeaks documents are from 2015-2016 and it's possible that many of the exploits on the lists have already been patched. But that's not to say the CIA, and other intelligence agencies for that matter, have stopped hoarding zero days that can be used for spying purposes. As we've already discussed, there's also a possibility that unpatched zero-day vulnerabilities could be used by external parties as well.
We should remind you that the veracity of the documents from WikiLeaks has not yet been confirmed. Mind you, I really doubt the CIA will come out to confirm or deny anything.
These revelations are yet another reminder that nothing you do online or on a digital device is 100% private, regardless of the safeguards you've put in place. For those who are privacy-conscious, it's best to keep the software on your devices up to date so that you've got the latest available patches for known zero-day vulnerabilities.