If this didn’t cross your path so far, now is the time to find out about it. WikiLeaks has released a series of documents that seem to show how the US Central Intelligence Agency (CIA) is capable of spying on our smartphones, computers, and other internet-connected devices.
Apparently, they have the capacity to break into any Android and iPhone smartphone, as well as devices running Windows, Mac OS, or Linux operating systems. Even if the leak doesn’t really tell us what kind of techniques they use and why, it still highlights just how vulnerable the technology we rely on actually is to any sort of security breach.
How can the CIA hack such devices?
The leaked documents imply that the CIA has a specific catalog of “zero-day” vulnerabilities. A software vulnerability is generally a flaw in a program that a hacker can use to undermine the security of a system and break in to effectively control it or even steal its data.
As a general rule, vulnerabilities are often reported to vendors, so they can produce a software patch that fixes the flaws and eliminates or reduces the chances of a successful attack. Flaws that the software manufacturer isn’t aware of are called zero-day vulnerabilities. The name refers to the number of days the manufacturer has known about the problem.
By exploiting such zero-day vulnerabilities, the CIA can, in theory, undermine the controls of computer operating systems and smartphones. This would allow it to bypass, for instance, the security of the majority of messaging apps that are seen as secure, like WhatsApp, Telegram, or even Signal.
Of course, the leak doesn’t show that those apps have had their strong encryption methods broken. Instead, those messages can be read straight from the operating system before they are actually encrypted.
The almighty power of the CIA with such techniques on hand
The leaked documents also explain in detail the technical catalog of hacking tools, like instructions for compromising Skype, Wi-Fi networks, PDF documents, and even commercial anti-virus programs.
There are also plenty of instructions on how to steal certain passwords, like those that are used for internet browsers. Another technique, known as “QuarkMatter”, inserts stealthy spying software on an Apple computer by hiding it in the EFI system partition. That’s the part of the hard drive where the startup files are kept.
The reports also prove that the CIA is able to listen to conversations heard by the microphones in smart TVs, even when the TVs seem to be switched off. However, that doesn’t mean the CIA can just exploit anyone’s smart TV. The program, which is known as “Weeping Angel”, was built for the Samsung F8000 TV.
It’s also completely possible that the CIA made this technique to target certain individuals. It also seems that the program can only be loaded on our TVs via an intricate software update from a USB device. This means that yes, someone would have to enter our house and access our TV in order to hack it.
However, it’s also worth noting that there are other “Internet of Things” devices that might be used for very similar purposes, like the Amazon Echo home assistant. Moreover, it seems that the CIA explored ways in which it could remotely hack into and control cars to crash them, allowing for a “nearly undetectable assassination.”
How serious and dangerous is it?
Well, many would say that some of the vulnerabilities that are presented in this catalog are old, and others have already been patched up. For instance, the Samsung TV hack isn’t viable anymore, especially when it comes to more recent devices with updated firmware.
However, this isn’t to say that the CIA (or any other intelligence agency) didn’t update its arsenal to exploit newer vulnerabilities. The documents also suggest that the CIA is willing to exploit, by any means, the public technology we have on hand these days, for spying purposes.
To this, we say that if manufacturers aren’t aware of some vulnerabilities, they won’t be able to fix them, which leaves those flaws open for malicious hackers or other governments to exploit, too.
The US government has come up with the Vulnerabilities Equities Process (VEP) as a way to aid the agencies that need to decide whether or not to disclose a vulnerability. If the CIA is stockpiling a catalog of vulnerabilities they’ve picked up (actions that other agencies previously denied doing), then it could be ignoring this protocol.
There are, of course, exceptions, for instance if the exploit has “a clear national security or even law enforcement urgency.” But since we can’t tell how the vulnerabilities have been previously exploited, it’s still quite unclear if they fall into such a category.
It’s still not clear what other types of hacking activities the CIA could undertake. The leak also includes 8,761 documents and files, many of which haven’t even been analyzed yet. One thing is for sure: there are many more to come!
Some documents have been redacted by WikiLeaks editors, in order to avoid disclosing the actual programming code for the attacks and make it more difficult to copy them. Ultimately, it seems that the entire archive of the disclosed CIA toolkit is made from several hundred million lines of code.
Just to draw a quick comparison, Windows 7 is made of 25 million lines of code. Well, it could take some time to efficiently understand the extent of their hacking capacities.
Are you curious to know if the CIA spies on you?
Well, the question we’ve all been asking is if the government is watching us, obviously. If you haven’t done anything to get on the CIA’s watchlist, chances are no one is actively listening to what you have to share with your friends. However, that doesn’t mean your personal information isn’t collected in huge databases.
The Freedom on the Net report stated that 89% of internet users are monitored on social media. Plenty of their data is collected and carefully analyzed through automated means for CIA mass surveillance.
Even if the collection of metadata could sound a bit trivial to you, this isn’t necessarily the case. Sometimes, it can provide a broader image of someone’s life than a specific personal conversation between two people would.
Also, if you notice that your webcam is on, then this could mean that someone is spying on you. Hacking your webcam is one of the easiest things to do, whether we’re talking about a governmental action or just cybercriminals.
Whether you were aware of it or not, countries such as America and the United Kingdom are by far the most watched-over regions in the world. According to some estimates, the UK has around one CCTV camera for every 11 citizens. Every time you are in public, you should expect Big Brother to watch over you.
Ultimately, government agencies have huge malware collections, zero-day exploits, as well as other bugs that can be very helpful if they need to find out something about you. On top of that, the CIA has a specific branch dedicated to finding out how to crack iOS, Android, Microsoft, as well as macOS software.