Mar 7, 2017

WikiLeaks: CIA has been turning your phones and TVs into undercover mics


WikiLeaks released more than 8,000 documents it says originate from the CIA's Center for Cyber Intelligence that reveal its hacking capabilities and programs between 2013 and 2016, including malware, viruses, Trojans, malware remote control systems, and weaponized exploits. That amounts to several hundred million lines of code and more pages than were published in the first three years of the Edward Snowden leaks.

They're calling it "Vault 7." The main findings:

  • The CIA has turned iPhones, Android devices, Windows operating systems, and Samsung TVs into covert microphones using weaponized "zero day" exploits.
  • "Weeping Angel," which infests Samsung smart TVs, was developed with the UK's MI5/BTSS, and puts the TV into a "Fake-Off" mode to route audio over the Internet to a covert CIA server.
  • The CIA has also developed attacks to remotely control popular smartphones so they send geolocation, audio, and text communications, and activate the phone's camera and microphone. The CIA either made these attacks, obtained them from the Government Communications Headquarters in the UK, the NSA, or the FBI, or purchased them from arms contractors. (Note: that bypasses the encryption of WhatsApp, Signal, Telegram, Weibo, Confide, and Cloakroom.)
  • The CIA has developed malware attacks and control systems for Windows, Mac OS X, Solaris, Linux, and more.
  • The U.S. Consulate in Frankfurt operates as a covert CIA hacker base, covering Europe, the Middle East, and Africa. WikiLeaks disclosed instructions the CIA hackers use to get through German Customs.

CIA spokesman Jonathan Liu told the AP: "We do not comment on the authenticity or content of purported intelligence documents."

Why this matters, according to WikiLeaks:

"Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others."

Also: In not disclosing the vulnerabilities to the companies at risk, the CIA may have violated the Vulnerability Equities Process that Obama enacted in 2014. And the malware revealed is able to penetrate and control both the Android and iPhone software that runs or has run presidential Twitter accounts. The U.S. made these cyber spying codes unclassified, which means the weapons can be "pirated" easily.

WikiLeaks source: The documents came from former U.S. government hackers and contractors who circulated them without the authority to do so, one of whom handed them off to WikiLeaks. The source said the motivation was to allow the public to debate whether the CIA's hacking capabilities exceed its mandate.
