WikiLeaks: CIA has been turning your phones and TVs into undercover mics
Global Panorama via Flickr CC
WikiLeaks released more than 8,000 documents it says originate from the CIA's Center for Cyber Intelligence that reveal its hacking capabilities and programs between 2013 and 2016, including malware, viruses, Trojans, malware remote control systems, and weaponized exploits. That amounts to several hundred million lines of code and more pages than were published in the first three years of the Edward Snowden leaks.
They're calling it "Vault 7." The main findings:
- The CIA has turned iPhones, Android devices, Windows operating systems, and Samsung TVs into covert microphones, known as "zero day" weaponized exploits.
- "Weeping Angel," which infests Samsung smart TVs, was developed with the UK's MI5/BTSS, and turns the TV in a "Fake-Off" mode to route audio over the Internet to a covert CIA server.
- The CIA has also developed attacks to remotely control popular smart phones so they send geolocation, audio, and text communications, and activate the phone's camera and microphone. The CIA either made these attacks or obtained them from the Government Communication Headquarters in the UK, the NSA, or the FBI, or purchased it from arms contractors. (Note, that bypasses the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide, and Cloakroom.)
- The CIA has developed malware attacks and control systems for Windows, Mac OS X, Solaris, Linux, and more.
- The U.S. Consulate in Frankfurt operates as a covert CIA hacker base, covering Europe, the Middle East, and Africa. WikiLeaks disclosed instructions the CIA hackers use to get through German Customs.
CIA spokesman Jonathan Liu told the AP: "We do not comment on the authenticity or content of purported intelligence documents."
Why this matters, according to WikiLeaks:
"Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others."
Also: In not disclosing the vulnerabilities to the companies at risk, the CIA may have violated the Vulnerability Equities Process that Obama enacted in 2014. And the malware revealed is able to penetrate and control both the Android and iPhone software that runs or has run presidential Twitter accounts. The U.S. made these cyber spying codes unclassified, which means the weapons can be "pirated" easily.
Wikileaks source: The source was former U.S. government hackers and contractors who circulated the documents without the authority to do so, one of whom handed them off to WikiLeaks. The source said the motivation was to allow the public to debate whether the CIA's hacking capabilities exceed its mandate.