Wikileaks just dropped a massive collection of information detailing how the US government is attacking the devices that many of us use every single day in an effort to gain intel for its own purposes. Tactics for breaching iPhones, iPads, Android devices, PCs, routers, and even smart TVs are included in the leak, which has some serious privacy and security implications if even a fraction of it proves to be accurate.
Much the of the leak confirms what most people assume about the US government’s ability to circumvent the built-in security features of computer software and mobile devices — for example, that the organization has many “zero day” exploits for computers running Windows, Mac OS, Linux, and more. The sheer power of the CIA’s tools, according to the report, is really the story here.
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s ‘HIVE’ and the related ‘Cutthroat’ and ‘Swindle’ tools.
The report also details the CIA’s techniques that allow the agency to “penetrate, infest, and control both Android and iPhone software that has run presidential Twitter accounts” using zero day exploits that are not known to the security community at large.
And it’s not just the typical communications devices that are on the CIA’s target list, according to the leak. Even Samsung smart TVs can be used to eavesdrop on conversations without anyone in the room knowing.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
Wikileaks’ report even suggests that the CIA was developing tools that could remotely control certain vehicle software and could allow the agency to cause “accidents” which would effectively be “nearly undetectable assassinations.”
The full details of the leak, which Wikileaks is calling “Vault 7” is available to peruse on the group’s website.