WikiLeaks released on Tuesday the first group of hacking tools elaborated by the CIA. The documents show the agency targets smart devices by Samsung, Apple, Google, and Microsoft. Reportedly, there are more leaks on the way.
Companies affected by the security flaws and exploits created by the government agency have since reacted to the issue. The only one not to make a statement yet was Google, which now has over 1 billion Android smartphones compromised.
Newspapers and outlets around the world are taking WikiLeaks’ call to heart, which encouraged journalists to find the stories hidden beneath thousands and thousands of secret documents.
Tech giants are taking WikiLeaks’ claims seriously
The BBC reached out to the firms affected by the surprising data dump, and several of them answered promptly except Google. Alphabet’s principal subsidiary is perhaps one of the most impacted by the leak.
Apple replied with confidence on their operating system and said many of the exploits detailed on the documents have long since been patched in recent iOS releases.
The data from Vault 7’s Year Zero dates from 2013 to 2016, so some of the malware or hacking tools described could be outdated already. Apple said it is working on identifying and fixing new vulnerabilities.
Samsung, on the other hand, said it was “urgently looking into the matter.” The matter in question involves its entire series of F800 Smart TVs, which are prone to becoming covert microphones using a tool codenamed Weeping Angel.
Weeping Angel works by transferring the malware using a USB stick on the TV. This makes the set able to go into a fake off mode and listen to conversations happening where it is installed.
Microsoft and Linux also addressed the controversial data dump, saying they were aware of the problem and carefully looking into it. In the case of Linux, a spokesperson stated that they rely on its open source community to find and fix vulnerabilities faster than companies with just a security division.
Experts say not to be too worried unless you’re a target
Analysts looking at the leak more calmly arrived at the conclusion that only high-profile people should be concerned about the CIA’s cyber weapons. Politicians, executives, organizations, companies and other individuals of interest are likely targets of the agency.
Everyday people should not worry too much about it, and if they have any concerns about their smart devices becoming spying tools, then they should just disconnect them or stop using them altogether.
It is only natural that an intelligence agency has dedicated hacking tools to access the world’s most popular platforms. Where they went wrong, however, was on knowingly stockpiling vulnerabilities and leaving them open for everyone to exploit.
By not telling companies about these holes on their systems, both the CIA and any hacker or rogue tech group can make use of them to gather information, hijack devices, and potentially endanger individuals.
The FBI has opened an investigation to look into who, why, and how the documents were leaked. New reports surfaced this morning that the CIA knew about the data breach at least since last year.