WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy on their owners
The inwards track on Washington politics.
*Invalid email address
The latest revelations about the U.S. government’s powerful hacking implements potentially takes surveillance right into the homes and hip pockets of billions of users worldwide, showcasing how a remarkable multitude of everyday devices can be turned to spy on their owners.
Televisions, smartphones and even anti-virus software are all vulnerable to CIA hacking, according to the WikiLeaks documents released Tuesday. The capabilities described include recording the sounds, photos and the private text messages of users, even when they resort to encrypted apps to communicate.
While many of the attack technologies had been previously discussed at cybersecurity conferences, experts were startled to see evidence that the CIA had turned so many theoretical vulnerabilities into functioning attack implements against staples of modern life. These include widely used Internet routers, smartphones, and Mac and Windows computers.
In the case of a device called “Weeping Angel” for attacking Samsung SmartTVs, WikiLeaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the holder falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
The CIA reportedly also has studied whether it could infect vehicle control systems for cars and trucks, which WikiLeaks alleged could be used to conduct “nearly undetectable assassinations.”
And a specialized CIA unit called the Mobile Devices Branch produced malware to control and steal information from iPhones, which according to WikiLeaks were a particular concentrate because of the smartphone’s popularity “among social, political diplomatic and business elites.” The agency also targeted popular phones running Google’s Android, the world’s leading mobile operating system.
Wikileaks said it redacted lists of CIA surveillance targets, however it said they included targets and machines in Latin America, Europe and the United States. The anti-secrecy group also said that by developing such intrusive technology — rather than helping tech companies patch flaws in their products — the CIA was undermining efforts to protect the cybersecurity of Americans.
“The argument that there is some terrorist using a Samsung TV somewhere — as a reason to not disclose that vulnerability to the company, when it puts thousands of Americans at risk — I fundamentally disagree with it, “ said Alex Rice, chief technology officer for Hacker One, a start-up that enlists hackers to report security gaps to companies and organizations in exchange for cash.
The trove released Tuesday, which The Washington Post could not independently verify and the CIA has declined to confirm, included 8,761 documents that were the very first batch of a series of releases that WikiLeaks plans, it said.
This very first group, at least, shows significant differences from the two thousand thirteen revelations by the National Security Agency’s former contractor Edward Snowden. His trove of documents largely described mass surveillance of Internet-based communications systems, while the WikiLeaks release more often describes attacks on individual devices.
By targeting devices, the CIA reportedly gains access to even well-encrypted communications, on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The WikiLeaks reports acknowledged that difference by telling the CIA had found ways to “bypass,” as opposed to defeat, encryption technologies.
“The idea that the CIA and NSA can hack into devices is kind of old news,” said Johns Hopkins cryptography experienced Matthew D. Green. “Anyone who thought they couldn’t was living in a fantasy world.”
Snowden’s revelations and the backlash made strong encryption a major, well-funded cause for both privacy advocates and, perhaps more importantly, technology companies that had the engineering expertise and budgets to protect data as it flowed across the world.
Google, Microsoft, Facebook, Yahoo and many other companies announced major fresh initiatives, in part to protect their brands against accusations by some users that they had made it too effortless for the NSA to collect information from their systems. Many websites, meantime, began encrypting their data flows to users to prevent snooping. Encryption implements such as Tor were strengthened.
Encrypting apps for private messaging, such as Signal, Telegram and WhatsApp exploded in popularity, especially among users around the world who were fearful of government intrusion. In the days following the U.S. presidential election, Signal was among the most downloaded in Apple’s app store, and downloads grew by more than three hundred percent.
Open Murmurs Systems, which developed Signal, released a statement Tuesday, telling, “The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.”
WhatsApp declined to comment, and Telegram did not react to requests for comment. Google declined to comment, while Samsung did not react to requests for comment.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will proceed work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most latest security updates,” Apple spokesman Fred Sainz said in a statement Tuesday.
U.S. government authorities complained loudly that the post-Snowden wave of encryption was undermining their capability to investigate serious crimes, such as terrorism and child pornography. The FBI in two thousand sixteen sued Apple in hopes of forcing it to unlock an iPhone used by the San Bernadino killers before announcing it had other ways to crack the device amid intense public criticism.
Against that backdrop, many privacy advocates argued that devices — often called “endpoints” for their place on chains of communications that can crisscross continents — were the best available targets left in a world with widespread online encryption. The WikiLeaks documents suggests that the CIA may have reached the same conclusion.
“It would certainly be consistent with the hypothesis that we’ve made real progress in the encryption we’ve been introducing,” said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “It’s unlikely to be one hundred percent certain, but reading the tea leaves, it’s plausible.”
The WikiLeaks revelations also will serve as a reminder that, for whatever the political backlash to revelations about digital spying, it is not going away and most likely will proceed to grow.
Aside from the United States, many other advanced nations such as China, Russia, Britain and Israel have enormously sophisticated instruments for digital spying. Less advanced nations have gained access to powerful online spying technology through a sturdy and lightly regulated industry of surveillance contractors based via the world.
On Tuesday, resignation and frustration rippled through Silicon Valley as technologists grappled with revelations of yet another U.S. government attempt to exploit their systems. And cybersecurity experts reacted with alarm.
“This is explosive,” said Jake Williams, founder of Rendition Infosec, a cybersecurity rock hard. The material highlights specific anti-virus products that can be defeated, going further than a release of NSA hacking implements last year, he said.
The WikiLeaks release exposed that the CIA has sophisticated “stealth” capabilities that enable hackers not only to infiltrate systems, but evade detection, as well as abilities to stir inwards a system loosely as if they possessed it.
Nicholas Weaver, a computer security researcher at the University of California at Berkeley said the dates in the WikiLeaks files suggest the documents were taken in February or March 2016. At least two of them are marked Top Secret, “which suggests that somebody in early two thousand sixteen managed to compromise a Top Secret CIA development system and is willing to say that they did.”