WikiLeaks published thousands of documents Tuesday described as secret files about CIA hacking tools the government employs.
What was the CIA hacking?
Just about everything. The WikiLeaks vault details hacks aimed at the most popular smartphone operating systems, Windows and Mac PCs, home Internet routers and even your “Smart TV.”
Importantly, a number of these techniques seem to require physical access to the device, which means a hacker sitting in a basement at the Central Intelligence Agency can’t just fire up an app that zaps anyone’s phones. But there are also much-discussed malware-style methods that rely on a target clicking a link or opening a document on their device. Much of the usable code or detailed description of flaws that could lead to reverse-engineering appears to have been redacted by WikiLeaks.
What do the documents say they can hack?
The WikiLeaks documents are presented in a format that resembles a Jira or Confluence-style developer wiki . The project aimed at spying through your TV is called Weeping Angel: It appears to put some Samsung smart TVs into a “fake off” mode that suppresses the LED that tells you the power is on as it then attempts to stay connected to the Internet and activate audio and video capture capabilities. From the documents, it’s not clear if this ever worked.
The document lays out 24 different “zero day” exploits for Google Android devices – in other words, 24 security holes in Alphabet’s smartphone operating system the company either doesn’t know about or hasn’t fixed. Some are sourced from Britain’s Government Communications Headquarters , some from the National Security Agency , while others appear to be purchased or developed in-house.
For Apple’s iOS, there appear to be more than a dozen exploits, some dating back to iOS 4, some from iOS 9. Again, the sources are mixed, with one exploit being credited to a Chinese team of jailbreakers – the term for hackers who crack hardware and software protections on gadgets – called Pangu. Some of these flaws claim to allow for kernel access, or the ability to make changes to the core of the operating system.
One important note here: In some cases, both WikiLeaks and media reports have suggested these techniques allow the CIA and others to “bypass” popular encrypted communications apps such as Signal and Whatsapp. That implies that the apps themselves are vulnerable in some new way, but that doesn’t actually appear to be the case. The point of encrypting communications is so people who try to capture your messages in transit can only collect unreadable gibberish; if your phone itself is compromised, the messages that are unencrypted so you can read them are also readable by spies or bad guys.
Some of the exploits in the document are already well known – the DarkComet RAT (remote access tool) is referenced as a way to take over an infected PC’s webcam and capture images with it There’s also a directory of tools to steal any passwords that were entered on a computer’s Internet Explorer browser, as well as multiple key-logging solutions . There are redacted documents that appear to describe how to avoid detection by every commercially available anti-virus software.
These hardware attacks come from a group WikiLeaks identifies as “Embedded Devices Branch (EDB)” and they cover a wide range of existing programs and some that appear to be under development. There are documents that focus on the most popular Internet routers for Chinese and Pakistan telecoms, not to mention hot sellers on Amazon. There is also a program called Captive Portal that discusses what looks like WiFi hotspots and using them to force access into iPhones or other devices nearby. There are also documents that attack software called Connectify, which is used to turn your PC into a virtual router or WiFi hotspot.
The documentation is both highly technical and occasionally quite jocular. This section on tradecraft is particularly jarring given the method by which we’re reading all these leaked files: “Tradecraft plays a critical role within our tool development cycle. If a tool is sloppy its life is much shorter, and worse, the lifespans of the tools it is deployed with are also at risk. If we’re going through the trouble of coming up with some cool stuff, we’d rather not get beat on something silly. Below is a collection of some tradecraft DO’s and DON’Ts, however it is never complete and you should always be looking for better ways to protect ourselves (from signatures, correlation, and discovery).”
The rest of the document was empty.Report Typo/Error