WikiLeaks Vault 7: what you need to know about the alleged CIA hacking

Surprise, everyone, the US Central Intelligence Agency (CIA) allegedly has the means to hack everyday electronics.

The revelation comes from WikiLeaks, which has released thousands of purported CIA “Vault 7” files pertaining to hacking tools the agency could use to spy on targets, tools that include various malware, trojans, and even remote control systems.

With a trove of data released in one fell swoop, just as many questions have arisen, including what devices the CIA could allegedly access and how this might have happened. We’ve put together this guide to get you up to speed on the WikiLeaks Vault 7 document dump.

What is Vault 7?

The basic gist is this: WikiLeaks, the organization headed by Julian Assange and known for leaking thousands of documents about various topics - including details about the inner workings of Scientology and Afghan war logs - has struck once again with details on alleged CIA tools that could be used to conduct mass spying programs. The documents cover CIA activity from 2013 through 2016.

Officially, the CIA cannot legally use those tools against US citizens; however, the agency could use them against non-US citizens. And as we saw with the Edward Snowden leaks, just because spying on citizens is illegal doesn’t mean it's not happening.



“Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation,” explain the documents.

The CIA allegedly has a range of tools at its disposal that could easily be used in spying programs. And as we know from the Edward Snowden NSA leaks, the subjects of spying could be either guilty of wrongdoing, or completely innocent.

Is this information authentic?

It’s important to highlight that the leaked documents so far have not been verified. The CIA has not yet issued a statement about the leak, and at the time of publication, the agency hadn't returned our request for comment on the issue.

Still, a source for the Wall Street Journal has said the leaks are legitimate, and even Snowden has weighed in to say that he believes the data is authentic.

Still working through the publication, but what @Wikileaks has here is genuinely a big deal. Looks authentic. March 7, 2017

There is certainly questionable timing to the release. WikiLeaks assures that it published the documents as soon as its “verification and analysis” were ready; however, the leaks also come at a time when President Donald Trump has spoken out against the intelligence community over other leaks that suggest campaign officials spoke to Russian intelligence officials in the months before the election.

As Engadget notes, intentional or not, the new data steers attention towards the CIA and away from what the organization may have learned about the Trump campaign. None of this is to say that we think the documents are a fabrication; on the contrary, it’s looking more and more like they are authentic. It is, however, important to note there is evidence enough to be suspicious of them.

What devices were allegedly hacked?

Politics aside, if the documents are legit, the CIA was able to access a number of devices in its surveillance efforts, many of which you probably own or are familiar with. We've included tips on how to shore up security on these devices as well.

Samsung Smart TVs

Perhaps the most interesting revelation is the CIA’s alleged use of smart TVs for spying.

In a document called “Weeping Angel,” the CIA is described as using a “fake-off mode,” which essentially causes a TV’s screen to look like it’s turned off when in reality it is still on and recording audio in the room. The document even goes a step further and describes how the hack could be improved, including capturing video, too.



Unfortunately, there’s not much you can do about your smart TV being used to spy if you want to retain its full use. If, however, you’re fine with doing away with voice control in return for increased privacy, you can disable the microphone in your TV’s settings. It’s important to note that you should also check the permissions for individual apps, and ensure that none of them relate to the microphone.

iPhones and Android phones

On top of Samsung TVs, the CIA has also purportedly tapped into smartphones.

The agency reportedly developed as many as 24 zero day exploits for Android and an undisclosed number of iPhone exploits. A “zero day” exploit refers to a bug included in a device that the original manufacturer isn’t aware is there.

In most cases, this equates to a small glitch in one of the millions of lines of code housed in a handset. The glitch can be manipulated by hackers, however, including the CIA.



Apple said on Tuesday evening that most of the vulnerabilities described in the Vault 7 data dump were patched in the newest version of iOS. Here's the company's full statement, provided to TechCrunch by an Apple spokesperson:

"Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way.

Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80% of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."

A big part of the leak was the news that the CIA could look at messages from encrypted messaging services like WhatsApp, Telegram and Weibo. However, it’s important to note that the agency does not appear to have hacked those specific apps, but rather the underlying operating system that the apps run on.

Many device manufacturers offer rewards to developers who find zero day exploits, so the best thing for your phone may just be to ensure that it always has the latest update.

Windows, OS X and Linux devices

According to the documents, the CIA has also put substantial effort into infecting and controlling Windows, OS X, and Linux-based computers.

Not only does it also use zero day exploits on those computers, but it has also developed malware that can infect CDs and DVDs, write itself onto USB drives, and hide in covert disk areas to avoid detection.


There’s unfortunately not much that can be done about these exploits, however it’s g
