Your applications encrypt your data. You’re protected, right?
There are three things you need to know about the latest round of papers made public by Wikileaks:
- The CIA (in some cases in partnership with UK’s MI5) developed ways to hack device operating systems. The devices include all types of computers and cell phones, networked TVs, car onboard systems — basically everything anyone uses that’s connected to the Internet. The operating systems affected are Windows, Android and Apple.
- The hack allows the user to read data as it is entered (typed or oral), before it is encrypted. Everything.
- The hack allows users to control devices and use them for spying on device owners.
- The CIA may have LOST CONTROL of these hacks, meaning that they are out in the public domain where others can use them.
The CIA might not care about you, but are there others who might want your bank account?
The revelations have shocked experts.
Still, the amount of smartphone vulnerabilities and exploits detailed in these documents was shocking even to experts. “It certainly seems that in the CIA toolkit there were more zero-day exploits” – an exploitable vulnerability in software not known to the manufacturer – “than we’d estimated,” Jason Healey, a director at the Atlantic Council think tank, told Wired Magazine. He added: “If the CIA has this many, we would expect the NSA to have several times more.”(3)
Early reports are that the documents published by Wikileaks appear authentic. None of the companies involved have commented on the situation. Nor do there appear to be any patches immediately in the offing. After all, none of the players is yet admitting that they have something to patch.
Some writers see a bright side in these revelations: the decision to hack operating systems means that data encryption tools work. That may or may not be true. We don’t know what is still to be revealed.
Security problems aren’t under control or going away.
“Anybody who thinks that the Manning and Snowden problems were one-offs is just dead wrong,’’ said Joel Brenner, former head of U.S. counterintelligence at the office of the Director of National Intelligence. “Ben Franklin said three people can keep a secret if two of them are dead. If secrets are shared on systems in which thousands of people have access to them, that may really not be a secret anymore. This problem is not going away, and it’s a condition of our existence.’’(4)
I’ve said that nothing on the Internet is private, but this takes that statement to an entirely new level. Nothing you type or speak into an Internet connected device is private.
Ben Franklin was indeed a very wise man.
- Sharon Profis and Sean Hollister, “WikiLeaks and how the CIA sees your WhatsApp messages, explained,” CNet, 7 March 2017. https://www.cnet.com/how-to/wikileaks-cia-hack-phone-tv-router-vault-7-year-zero-weeping-angel/?ftag=CAD3c77551&bhid=25995825932822145966367556179766
- Jose Pagliery, “Wikileaks claims to reveal how CIA hacks TVs and phones all over the world,” CNN Tech, 7 March 2017. http://money.cnn.com/2017/03/07/technology/wikileaks-cia-hacking/
- Trevor Timm, “WikiLeaks says the CIA can use your TV to spy on you. But there’s good news,” The Guardian, 7 March 2017. https://www.theguardian.com/commentisfree/2017/mar/07/wikileaks-says-the-cia-can-use-your-tv-to-spy-on-you-but-theres-good-news
- Devlin Barrett, “FBI prepares for new hunt for WikiLeaks’ source,” The Washington Post, 7 March 2017.