Wikileaks released a trove of files on Tuesday that confess about the CIA’s expertise on hacking your smartphones. According to the documents, CIA has a library of software attacks which can access to your smartphones and Apple iPhone, including those which could have a complete hold of your device.
The wide range of alternative access opportunities is provided by the attacks. Some give the sole power to the attacks by giving the control over “Kernel” which is the head of operating system for a smartphone, or at least to have a so-called “root” access, meaning to have large control over the files and software processes. Information like geolocation, communications, contacts, and more could be accessed by this technique. This could be helpful in targeted hacking instead of extended surveillance. However, one document reads a process by which specific unit within CIA “develops software exploits and implants for high priority target cell phones for intelligence collection.”
The Wikileaks documents further include detailed charts showing the probability of certain attacks which could be done by CIA on different types of cell phones and operating systems, including recent versions of iOS and Android – in addition to the attacks CIA has collected from other, public sources of Malware.
The documents indicates that except the exploits allegedly developed by the CIA, some were also discovered and released by cyber security companies, hacker groups, and independent researchers which were then purchased, downloaded or otherwise borrowed by the CIA or other members of the intelligence community counting FBI, NSA, and the NSA’s British counterpart GCHQ.
Shamoon, a borrowed attack is an infamous computer virus for stealing data and then fully impairing the hardware. Persistence, a tool founded by CIA is capable of giving the agency command over the device whenever it boots up again. Swamp monkey is another acquired attack by CIA, helps to get root access to the undisclosed android devices.
Former GCHQ analyst Matt Tait, tweeted “This is a very impressive list.” Viewing some of the attacks still to be viable.
Matt Green, the cryptographer at Johns Hopkins University, agrees with the fact that the leak was impressive but thinks that there were not many technically surprising hacks. This deficit of originality may have originated from a desire on the part of the agency to avoid detection, judging from one document of the trove, in which Equation group, an NSA hacking toolkit, and its public exposure is discussed by an apparent CIA personnel.
The iOS hacking chart, one of the Wikileaks documents show that also an FBI hacking division, the Remote Operations Unit, has also been working on to discover a way through to iPhone. While investigating the slayer of a mass shooting in San Bernardino last February, the FBI attempted argued in the court that Apple was indentured to give FBI access to its phone by generating an inefficient version of the device’s operating system.
If the WikiLeak documents are accurate, the pre-existing deep involvement of FBI and other elements of the investigative company in making their own way to the iPhone would have been shown. Government assurances regarding San Bernardino case that any exploit developed by Apple to give FBI access to the murder’s phone would not be disclosed to criminals or nation states, is also under question after the compromise of the document.
A trove of more than 8,000 documents have been released by WikiLeaks revealing CIA and FBI hacking process, said to be originated from a CIA network and date from 2013 to 2016. The CIA denied to comment on the documents which exposed the CIA techniques, allegedly developed to convert so-called smart televisions into listening devices. Indicating active investigations to the revelations, the Google also declined to comment, however, Apple does not respond to a request for comment.
It is obscure about the fact that who has given the WikiLeaks an access to the documents; an impact came out from the material hosted on the site shows that it’s coming from a whistle blower who wants to trigger a debate about the security, creation, use, proliferation and democratic control of cyber weapons. But the leaker could also be an outsider, may be backed by a foreign power.
Journalists covering #Vault7: consider this could be as much about Russia as CIA or WikiLeaks, a continuation of teardown of US government
— Jay Healey (@Jason_Healey) March 7, 2017
“This could be as much about Russia as CIA or WikiLeaks,” tweeted Jason Healey, Senior Research Scholar at Columbia University’s School for International and Public Affairs “A continuation of the tear down of U.S. government.”
According to a chart in the file database, a German iOS security researcher Stefan Esser, has developed an iOS named ‘ironic’ which gives an access to the operating system Kernel, however, when iPhone was updated to iOS 8.0, the hack died.
Without referring to any document, Wikileaks discussed CIA access level to encrypted applications including popular Open Whisper Systems’ application Signal – yet the documents do not show CIA has broken the app’s end to end encryption. However, the CIA can bypass the encryption by hacking the phone itself and everything on it, including data stored within any app — including messages from Telegram, WhatsApp, and other secure messaging apps, the document indicated.
WikiLeaks documents stated that the CIA has violated the commitments made by Obama’s administration to acknowledge the vendors about serious software vulnerabilities to improve the security of their products.
Vulnerabilities Equities Process, a system developed by the administration to allow various government organizations to help determine when it’s better for national security to expose unpatched vulnerabilities and when it’s better to take advantage of them to chase targets.
Nathan White, senior legislative manager for digital rights group Access Now, in a press release wrote a response to new leaks, ”Access Now condemns the stockpiling of vulnerabilities, calls for limits on government hacking and protections for human rights, and urges immediate reforms to the Vulnerabilities Equities Process,” indicating that at least some civil liberties advocates acknowledge the WikiLeaks assessment.
Share this article
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.More from Zehra Ali
Passengers’ Data Stored on User Devices, not on DigiYatra Storage, says India Govt
Watch Prime Videos With Full Catalog and Unblocked Access Unblocking streaming content from Amazon P...
NCSC Chief: Clear Rules Needed to Prevent Cyberspace Conflict and Struggle
A safe and secure digital world necessitates a clear definition and enforcement of international cyb...
‘Revive’ has been upgraded to a banking Trojan on Android
This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild....
Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor
Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaig...
Data Breaches Could Occur Due to Kubernetes Misconfigurations That Were Leaked.
Over 900,000 Kubernetes (K8s) have been discovered to be vulnerable to malicious scans and/or data-e...
Attacks by Cybercriminals Will Become the Main Threat in 2021. Privacy Issues Tendencies
Internet Privacy is the main Concern today Advertisers track your online activities and interfere w...