There was another huge dump of documents–8,761, to be exact–by Wikileaks today under the name “Vault,” all purported to be taken from the CIA’s Centre for Cyber Intelligence in Langley, Virginia. If Wikileaks is to be believed, the CIA has figured out a way into all our phones.
“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includesnumerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
WhatsApp and other communications methods have also allegedly been compromised. And your TV may be watching you.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.
And if that weren’t enough, the CIA knows how to use your vehicle to kill you.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
Holy shit! The CIA can use every phone, computer, game console and TVs to spy on anyone anywhere in the world? And what’s even more frightening is that they alledgely lost control of all this software. In other words, the bad guys can now do this, too.
Paranoid yet? Keep reading until you get to the part about how the CIA makes a hack look like it came from Russia. (Wait until Donald Trump hears about that! Expect lots of fingerpointing about “deep state” interference in the Trump campaign and administration.) Wired has more reporting here while you can read what the NY Times says here. The New Yorker also has good stuff here.