WikiLeaks’ trove of CIA cyber documents is being hyped as one of the biggest leaks since Snowden blew the whistle on the NSA, but according to one of the world’s top jailbreakers you shouldn’t believe the hype.
Cyber security expert Will Strafach, who gained notoriety under the name Chronic for finding zero-day exploits used for jailbreaking, says iOS users don’t need to be worried.
“I do not believe any iOS user running iOS 10+ has any cause for concern by this,” Strafach told Cult of Mac.
There’s still a lot of digging through the documents to be done. WikiLeaks indicated that there is even more info to add to the over 8,000 documents released today, so iOS users may not be totally in the clear quite yet.
Other security analysts, like Nicholas Weaver, who leads network security efforts at Berkeley, have echoed similar thoughts on the leaks, saying they’re interesting but not surprising. It should also be noted that the people behind WikiLeaks are not experts on iOS, Android, and Windows security, so some of the claims made in their press release may not be entirely accurate.
The actual data dumped by Wikileaks isn't really that significant, but some entertainment. That it was dumped at all is Yuge.
― Nicholas Weaver (@ncweaver) March 7, 2017
Some internet users began to worry when news of the leaked documents first arrived because several news stories claimed that apps like Signal, WhatsApp, Telegram, Weibo, Confide and Cloakman had been hacked. In fact, the encryption on the apps was not compromised, but the CIA was able to extract texts and voice data from devices by hacking the device itself, bypassing the apps’ encryption rather than breaking it.
The only time those apps can be compromised is if you are specifically targeted and your phone runs an older version of iOS that is vulnerable to exploitation. Secure apps can’t protect your data in this situation because the operating system is compromised.
Will Strafach did note that the CIA’s wiki pages and notes are similar to the way the Chronic Dev Team put private research together. This suggests the CIA’s iOS hacking team runs more like a small internal jailbreaking team than like the National Security Agency’s TAO group, which is more bureaucratic and has advanced infrastructure.
Most of the software doesn’t appear to be production-ready and was likely the result of small teams focusing on experimenting and R&D. Future leaked documents could bring new revelations, but so far the leaks look fairly benign for iPhone users.
“What is here would only be useful on a valuable intelligence target (such as a known terrorist) in which being noticed after the fact isn’t a concern, as long as they acquired the needed intelligence,” explained Strafach.