This article is more than
7 year oldLeaked CIA documents released by WikiLeaks dubbed “Vault 7” contain explosive allegations about hacking programs run by US intelligence agencies which include details on how the CIA created malware to target iPhones, Android and smart TVs, giving them the power to spy and listen in on users.
Even if you think you’d be the last person that the CIA would be interested in, it shows just how vulnerable we all are to having our information, communication and privacy breached by a powerful third party.
Professor Nigel Phair from the University of Canberra is a cyber security expert and frequently warns consumers about security vulnerabilities when it comes to their devices, but even he isn’t quite sure how people are supposed to protect themselves against the likes of the CIA.
“Any advice I would have normally given has been blown out of the water by the Vault 7 revelations,” he told news.com.au.
“Nothing is secure. The only thing that’s secure is something that’s not connected to the internet,” he said. And even then there are exceptions.
In our device obsessed world, we simply can’t guarantee our privacy.
“I wouldn’t say it’s the trade off, and I don’t think it should be the trade off,” he said. “But it’s the reality.”
Even if you think you’ve taken steps to be security conscious such as using messaging services that promise end-to-end encryption such as WhatsApp, you’re still not safe from the prying eyes of American intelligence agents.
Because according to the leaks, the CIA and allied agencies are also able to bypass encryption on popular messaging services such as Signal, Telegram and WhatsApp — the latter of which is used extensively by Australian politicians.
Last year, the Australian Signals Directorate confirmed WhatsApp was on the list of approved services for sensitive and classified communication after it was revealed the app was the service of choice for Malcolm Turnbull and other parliamentarians to share private information.
APPLE AND ANDROID PRODUCTS
The Vault 7 documents, which date between 2013 and 2016, reveal the CIA had a specialised unit dedicated to breaking into Apple devices such as iPhones and iPads to steal information.
The CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS such as iPads, Wikileaks claims.
The CIA program reportedly knew of a number of holes in the iOS software unknown to Apple that could be exploited — something known as a “zero day” because the vendor has yet to realise the vulnerability and patch it.
It’s believed the disproportionate attention paid to Apple products is due to their popularity in the US and common usage among social, political, diplomatic and business elites.
A similar unit targeted smartphone and tablet devices which use Google’s Android software, which is used to run a majority of smartphones in the world.
Wikileaks also claims that the CIA has lost control of a majority of its hacking arsenal including malware, viruses, trojans and the zero day exploits it uses to hack devices, meaning more nefarious groups could find them and use them.
However Wikileaks said it will not release the computer code for actual cyberweapons “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyed, disarmed and published.”
Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy. https://t.co/mDyVred3H8
— Edward Snowden (@Snowden) March 7, 2017
SMART TVS
The potential for our devices such as a Samsung smart TV to effectively spy on us is not a new fear. But the confirmation of a concerted government effort to intentionally exploit such products to that end is certainly a big deal, even though former CIA Director David Petraeus said back in 2012 that the agency was interested in monitoring items connected to the internet.
According to the Vault 7 leaks the CIA developed a malware, in co-operation with UK spy agencies, dubbed “Weeping Angel” to infect smart TVs and transform them into covert microphones.
Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. The TV then surreptitiously operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server.
“What makes this (Vault 7 leak) really interesting, is a lot of the other times a smart TV, or an electricity meter, or a car or whatever have been hacked ... it’s been more for a show and tell, been more for the theatre of it,” Prof Phair said.
“This is a government program that obviously they didn’t want to see the light of day and that might be what raises people’s eyebrows a little bit.”
CONNECTED VEHICLES
A major danger of connected vehicles is the potential for them to be remotely controlled by hackers.
Such a thing has been demonstrated in the past, and so it’s no surprise the CIA has long been interested in such capabilities.
“As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks,” Wikileaks said in a statement.
“The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.”
WikiLeaks says it has more to release but the first dump from Vault 7 contains 7818 web pages with 943 attachments.
It is the largest ever leak of confidential CIA information and is the biggest blow to the secrecy of the US intelligence community since former NSA contractor Edward Snowden leaked documents about the government’s mass spying program.
Mr Snowden, who is now exiled in Russia, has been exceedingly vocal on social media this morning in the wake of the latest revelations.
“Imagine a world where the actual CIA spends its time figuring out how to spy on you through your TV. That’s today,” he wrote.
Newer articles