When was the last time you heard about “Wikileaks”? This time the organization, famous for leaking important official government documents and files, has leaked a plethora of US based Central Intelligence Agency’s data.
Codenamed “Vault 7” the data includes more than 8,700 files that are claimed to be from the CIA itself. Of course the information hasn’t been verified so take this with a grain of salt.
Wikileaks claims that CIA lost control of an important archive which contained information about how they hack devices. The data got into the hands of former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Devices CIA can Hack
If the reports are true then CIA can hack devices ranging from:
- Android phones
- Smart TVs (the report mentions Samsung TVs specifically)
- Windows and Linux computers
- Mac computers
CIA Can Read Your WhatsApp Messages
Another important revelation by Wikileaks was that the CIA can read your WhatsApp messages before they get encrypted. That’s right, the end-to-end encryption doesn’t deter CIA at all. This is because if CIA hacks your phone, they can have access to anything they want. Doesn’t matter if your messages are encrypted, if CIA can read them while you type them or read them yourself, end-to-end encryption is pretty much useless.
Keep in mind, WhatsApp, Signal and other apps were not hacked, its the OS that is the issue, as Edward Snowden points out:
PSA: This incorrectly implies CIA hacked these apps / encryption. But the docs show iOS/Android are what got hacked – a much bigger problem. https://t.co/Bw9AkBpOdt
— Edward Snowden (@Snowden) March 7, 2017
The OS is At Fault
Keep in mind that this doesn’t render encryption itself obsolete. The encryption stops the messages from being read after they are sent from your phone. It helps stop hackers from siphoning through public internet to read private messages.
The problem here is the OS and not the apps with both Apple’s iOS and Google’s Android being hacked by the CIA.
According to the reports, CIA hacked the above mentioned devices in a myriad of ways including:
- zero-day exploits (security flaws in an OS which the manufacturer doesn’t know of, so they haven’t been fixed)
Problems May Have Been Fixed
The documents cover CIA’s program from 2013 to 2016. It is yet unclear whether the CIA still uses the same methods to hack these devices or not. The OS versions were also not specified so it is possible that some of the zero day exploits and issues may have been patched out.