Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.
It dubbed the first release Vault 7.
Vault 7 is just the first part of a leak series, “Year Zero,” that WikiLeaks will be releasing in the coming days. Vault 7 is all about a covert global hacking operation run by the US Central Intelligence Agency (CIA).
According to the whistleblower organization, the CIA did not inform the companies about the security issues in their products; instead, it held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on.
One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause “accidents” which would effectively be “nearly undetectable assassinations.”
While security experts, companies and non-profit organizations are still reviewing the 8,761 documents released as the Vault 7 archive, we are here with some relevant facts and points that you need to know.
Here’s Everything You Need to Know About Vault 7:
WikiLeaks Exposes CIA’s Mobile Hacking Secrets
Vault 7 purportedly includes 8,761 documents and files that detail intelligence information on CIA-developed software intended to crack any Android smartphone or Apple iPhone, including some that could take full control of the devices.
In fact, Wikileaks alleges that the CIA has a sophisticated unit in its Mobile Development Branch that develops zero-day exploits and malware to “infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.”
Some of the attacks are powerful enough to allow an attacker to remotely take over the “kernel,” the heart of the operating system that controls the smartphone operation, or to gain “root” access on the devices, giving the attacker access to information like geolocation, communications, contacts, and more.
These types of attacks would most likely be useful for targeted hacking, rather than mass surveillance.
The leaked documents also detail some specific attacks the agency can perform on certain smartphone models and operating systems, including recent versions of iOS and Android.
CIA Didn’t Break Encryption Apps; It Bypassed Them
In the hours since the documents were made available by WikiLeaks, a misconception developed that the CIA had “cracked” the encryption used by popular secure messaging software, including Signal and WhatsApp.
WikiLeaks asserted that:
“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.”
This statement by WikiLeaks made most people think that the encryption used by end-to-end encrypted messaging clients such as Signal and WhatsApp has been broken.
No, it hasn’t.
Instead, the CIA has tools to gain access to entire phones. Compromising the phone itself defeats virtually every other security control on it, which is why such access “bypasses” encrypted messaging apps: the agency gets total remote access to the device.
The WikiLeaks documents do not show any attack specifically targeting Signal or WhatsApp; rather, the agency hijacks the entire phone and listens in before the applications encrypt and transmit information.
It’s like sitting on a train next to the target and reading his two-way text conversation on his phone or laptop while he’s still typing. This doesn’t mean that the security of the app the target is using has any issue.
In that case, it also doesn’t matter whether the messages were encrypted in transit, because you are already watching everything that happens on the device before any security measure comes into play.
But this doesn’t make the issue any less serious. As NSA whistleblower Edward Snowden noted, “This incorrectly implies CIA hacked these apps/encryption. But the docs show iOS/Android are what got hacked—a much bigger problem.”
CIA Develops Malware to Target Windows, Linux & macOS
The Wikileaks CIA dump also includes information about the malware that can be used by the agency to hack, remotely spy on and control PCs running Windows, macOS, and Linux operating systems.
This apparently means that the CIA can bypass PGP email encryption and even Virtual Private Networks (VPNs) on your computer in a similar way. The agency can also see everything you are doing online, even if you are hiding it behind Tor Browser.
Again, this also does not mean that using PGP, VPNs, or Tor Browser is not safe or that the CIA can hack into these services.
But the agency’s ability to hack into any OS to gain full control of any device — whether it’s a smartphone, a laptop, or a TV with a microphone — makes the CIA capable of bypassing any such service and spying on everything that happens on that device.
CIA Borrowed Code from Public Malware Samples
Yes, in addition to the attacks purportedly developed by the CIA, the agency has adopted some code from other, public sources of malware. Well, that’s what many do.
One of the documents mentions how the agency supposedly tweaks bits of code from known malware samples to develop its custom code and more targeted solutions.
“The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware,” the WikiLeaks document reads. “The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions.”
Some of the exploits listed were discovered and released by security firms, hacker groups and independent researchers, or were purchased or otherwise acquired by the CIA from other intelligence agencies, such as the FBI, NSA, and GCHQ.
One borrowed component listed under “Data Destruction Components” includes a reference to Shamoon, a nasty piece of malware capable of stealing data and then completely wiping hard drives.
Another attack the CIA acquired is SwampMonkey, which allows the agency to get root privileges on undisclosed Android devices.
Persistence, another tool in the CIA arsenal, allows the agency to regain control over the target device whenever it boots up again.
CIA Used Malware-Laced Apps to Spy on Targets
The leaked documents include a file, named “Fine Dining,” which does not contain any list of zero-day exploits or vulnerabilities, but rather a collection of malware-laced applications.
Fine Dining is a highly versatile technique that can be configured for a broad range of deployment scenarios; it is meant for situations where a CIA agent has to infect a computer physically.
CIA field agents store one or more of these infected applications — depending upon their targets — on a USB drive, which they insert into the target’s system, and then run one of the applications to gather data from the device.
Developed by OSB (Operational Support Branch), a division of the CIA’s Center for Cyber Intelligence, Fine Dining includes modules that can be used to weaponize the following applications:
- VLC Player Portable
- Chrome Portable
- Opera Portable
- Firefox Portable
- ClamWin Portable
- Kaspersky TDSS Killer Portable
- McAfee Stinger Portable
- Sophos Virus Removal
- Thunderbird Portable
- Opera Mail
- Foxit Reader
- LibreOffice Portable
- Babel Pad
- Iperius Backup
- Sandisk Secure Access
- U3 Software
- 7-Zip Portable
- Portable Linux CMD Prompt
CIA Has Been Desperately Working for Years to Break Apple’s Encryption
This is not the first time the CIA has been caught targeting iOS devices. It was previously disclosed that the CIA was targeting Apple’s iPhones and iPads, following the 2015 revelation of top-secret documents from the agency’s internal wiki system that came out of the Snowden leaks.
The documents described that the CIA had been “targeting essential security keys used to encrypt data stored on Apple’s devices” by using both “physical” and “non-invasive” techniques.
In addition to the CIA, the FBI’s hacking division, the Remote Operations Unit, has also been working desperately to discover exploits in iPhones, one of the WikiLeaks documents indicates.
That could also be the reason behind the FBI’s effort to force Apple into developing a working exploit to hack into the iPhone belonging to one of the terrorists in the San Bernardino case.
Apple Says It Has Already Patched Most Flaws Documented in CIA Leak
Besides vulnerabilities in Android and Samsung smart TVs, the leaked documents detail 14 iOS exploits, describing how the agency uses these security issues to track users, monitor their communications, and even take complete control of their phones.
However, Apple is pushing back against claims that the bugs the CIA stored for its devices were effective.
According to Apple, many of the iOS exploits in the WikiLeaks CIA document dump have already been patched in its latest iOS version, released in January, while Apple engineers continue to work to address any new vulnerabilities that were known to the CIA.
Here’s the statement provided by an Apple spokesperson:
“Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
Hacking ‘Anyone, Anywhere,’ Thanks to Internet Of ‘Insecure’ Things
Besides hundreds of exploits, zero-days, and hacking tools that target a large number of software products and services, Vault 7 also includes details about a surveillance technique — codenamed Weeping Angel — used by the CIA to infiltrate smart TVs.
Samsung smart TVs are found to be vulnerable to Weeping Angel hacks that place the TVs into a “Fake-Off” mode, in which the owner believes the TV is off when it is actually on, allowing the CIA to covertly record conversations “in the room” and send them “over the Internet to a covert CIA server.”
“Weeping Angel already hooks key presses from the remote (or TV goes to sleep) to cause the system to enter Fake-Off rather than Off,” the leaked CIA document reads. “Since the implant is already hooking these events, the implant knows when the TV will be entering Fake-Off mode.”
In response to the WikiLeaks CIA documents, Samsung released a statement that reads: “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”
WikiLeaks’ CIA Leak Isn’t Bigger than Snowden’s NSA Leaks
WikiLeaks claims the massive CIA hacking leak is larger than the Edward Snowden revelations about the NSA’s hacking and surveillance programs, but it is much, much smaller.
While the Snowden revelations disclosed global covert surveillance of people’s text and voice communications, using hacking tools that permitted mass data gathering and analysis, the CIA data dump so far just shows that the CIA gathered and purchased tools that could be used to target individual devices.
There is no evidence of mass surveillance of smartphones or computers in the leaked documents. Technologically, the NSA is much further ahead of the CIA in sophistication and technical expertise.
Ex-CIA Chief Says WikiLeaks Dump Has Made US ‘Less Safe’
Former CIA boss Michael Hayden said the latest leak of highly sensitive CIA documents and files by WikiLeaks is “incredibly damaging” and has put lives at risk, the BBC reports, while the CIA has not yet commented on the leaks.
The CIA revelations by the whistleblower organization are just beginning. People will see more revelations about the government and its agencies from WikiLeaks in the coming days as part of its Year Zero leaks.