CIA turned phones, TVs into spy devices: WikiLeaks
Agency division hid flaws from companies, documents say
WASHINGTON — A formidable CIA hacking division has amassed hundreds of tools to control smartphones and TVs, and it employed hidden flaws in products made by trusted firms such as Apple, Microsoft and Google for espionage purposes without notifying the companies of the vulnerabilities, WikiLeaks said Tuesday.
WikiLeaks released what it said were 8,761 documents taken from the CIA’s Center for Cyber Intelligence in Langley, Virginia, in what it described as “the largest intelligence publication in history.”
The documents indicate that the CIA has collected “more than a thousand hacking systems, trojans, viruses and other ‘weaponized’ malware” that allow the agency to seize direct control of devices made by the biggest high-tech firms worldwide. One document indicated that the unit sought to develop ways to commandeer the control systems of vehicles.
WikiLeaks said the CIA had purposefully withheld information from the manufacturers about the vulnerabilities in their systems, undercutting a 2014 pledge by former U.S. president Barack Obama to disclose the vulnerabilities so they could be patched and made safe.
CIA spokesman spokesman Jonathan Liu declined to say whether the published materials were authentic. The White House also refused to comment.
The documents obtained by WikiLeaks, which the anti-secrecy group said span 2013 to 2016, reveal an arsenal of malware and dozens of “zero day” exploits against a wide range of products, including Apple’s iPhone, Google’s Android, Microsoft’s Windows and even Samsung smart televisions, which can have their microphones activated covertly.
A “zero day” is a previously undetected hole or vulnerability in software. It is so named because a victim has zero time between discovery of the flaw and penetration by an attacker.
Some of the tools disclosed in the documents would allow the penetration of networks, implantation of malicious code, control of systems and removal of material. The tools target all kinds of everyday work and entertainment devices, from networks and desktop computers to smartphones and even computerized vehicle operating systems.
Specific tools target the most popular brands of smartphones, giving remote operators access to the phone’s location and its audio and text communications, and permitting covert activation of the camera and microphone, perhaps from a great distance.
While iPhones compose only 14.5 per cent of the global smartphone market, WikiLeaks said the focus on Apple’s iOS operating system “may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.”
The documents indicate that the CIA controlled 24 different vulnerabilities for Google’s Android operating system, which is used in as many as five out of six smartphones worldwide.
“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied,” WikiLeaks said.
One document reveals collaboration between the CIA and Britain’s electronic signals intelligence agency, known as GCHQ, as well as a private cybersecurity company, Baitshop, in finding vulnerabilities in the iPhone.
Another document shows collaboration between the CIA unit and MI5, the British domestic spying agency, to create “Weeping Angel,” a program that turns Samsung smart TV sets into covert listening devices.