Phones, TVs could be used to lis­ten in on con­ver­sa­tions

In­ter­na­tional non-profit or­gan­i­sa­tion Wik­ileaks re­cently leaked sev­eral doc­u­ments from the US in­tel­li­gence ser­vice de­tail­ing ways it was us­ing de­vices and ap­pli­ances to lis­ten in on users.

Finweek English Edition - - ON THE MONEY - Editorial@fin­week.co.za

spyin­gand hack­ing are back in the news head­lines, thanks to a new leak from Wik­ileaks. The or­gan­i­sa­tion has pub­lished 8 761 doc­u­ments and files, pub­lished be­tween 2013 and 2016, al­legedly de­tail­ing how the Amer­i­can Cen­tral In­tel­li­gence Agency (CIA) spies by co-opt­ing tech­nolo­gies in tar­get homes.

A Wik­ileaks press re­lease stated that the leak in­tro­duces the “scope and di­rec­tion” of the CIA’s global covert hack­ing pro­gramme, its mal­ware arse­nal and spe­cific tools that tar­get Ap­ple’s iPhone as well as Google’s An­droid and Mi­crosoft’s Win­dows phones in ad­di­tion to Sam­sung TVs, which are turned into covert mi­cro­phones.

The CIA has re­fused to com­ment on the au­then­tic­ity of the leaked doc­u­ments, but the leak is re­port­edly the sub­ject of a crim­i­nal in­ves­ti­ga­tion by the FBI.

“The Amer­i­can public should be deeply trou­bled by any Wik­ileaks dis­clo­sure de­signed to dam­age the In­tel­li­gence Com­mu­nity’s abil­ity to pro­tect Amer­ica against ter­ror­ists and other ad­ver­saries,” said a CIA state­ment fol­low­ing the leak. “Such dis­clo­sures not only jeop­ar­dize U.S. per­son­nel and op­er­a­tions, but also equip our ad­ver­saries with tools and in­for­ma­tion to do us harm.”

Wik­ileaks be­gan the leak, code-named Vault 7, on 7 March, claim­ing that the 8 761 doc­u­ments were the first batch in the se­ries and had been code-named Year Zero. The or­gan­i­sa­tion is claim­ing that Vault 7 in its en­tirety will be the largest in­tel­li­gence pub­li­ca­tion in his­tory.

It claimed that the doc­u­ments were from an iso­lated, high-se­cu­rity net­work sit­u­ated inside the CIA’s Cen­ter for Cy­ber In­tel­li­gence in Langley, Vir­ginia.

Wik­ileaks claims that by the end of 2016, the CIA’s hack­ing di­vi­sion had over 5 000 reg­is­tered users and had pro­duced more than a thou­sand hack­ing sys­tems, tro­jans, viruses, and other weaponised mal­ware.

“Such is the scale of the CIA’s un­der­tak­ing that by 2016, its hack­ers had uti­lized more code than that used to run Face­book,” read the press re­lease.

For­mer Na­tional Se­cu­rity Agency sub­con­trac­tor Ed­ward Snow­den called the leak a “big deal” on Twit­ter, say­ing that he was still work­ing through the pub­li­ca­tion.

Your phone and tele­vi­sion could be spy­ing on you

Wik­ileaks stated that it was con­cerned about the fact that the CIA ap­pears to be in vi­o­la­tion of a com­mit­ment given by the Obama ad­min­is­tra­tion to the US tech­nol­ogy in­dus­try that it would dis­close se­ri­ous vul­ner­a­bil­i­ties, ex­ploits and bugs it un­cov­ered on an on­go­ing ba­sis. “Se­ri­ous vul­ner­a­bil­i­ties not dis­closed to For­mer in­tel­li­gence con­trac­tor the man­u­fac­tur­ers places huge swathes of the pop­u­la­tion and crit­i­cal in­fra­struc­ture at risk to for­eign in­tel­li­gence or cy­ber crim­i­nals who in­de­pen­dently dis­cover or hear ru­mors of the vul­ner­a­bil­ity,” ar­gued Wik­ileaks. “If the CIA can dis­cover such vul­ner­a­bil­i­ties, so can oth­ers.”

Pri­vacy In­ter­na­tional ex­ec­u­tive direc­tor Dr Gus Ho­sein said if the leak is au­then­ti­cated, it demon­strates that gov­ern­ment hack­ing pow­ers can be ex­tremely in­tru­sive, have enor­mous se­cu­rity im­pli­ca­tions, and are not suf­fi­ciently reg­u­lated. “In­suf­fi­cient se­cu­rity pro­tec­tions in the grow­ing amount of de­vices con­nected to the in­ter­net or so-called “smart” de­vices, such as Sam­sung Smart TVs, only com­pound the prob­lem, giv­ing gov­ern­ments eas­ier ac­cess to our pri­vate lives,” said Ho­sein.

“If the CIA knew of se­cu­rity weak­nesses in the de­vices many of us use – from ‘smart’ phones to ‘smart’ TVs – they should have been work­ing with com­pa­nies to fix the vul­ner­a­bil­i­ties, not ex­ploit them.” What the leak does con­firm is that the apps you use can have all the se­cu­rity in the world, but they are only as se­cure as the de­vice you are us­ing.

Ac­cord­ing to Wik­ileaks the CIA has de­vel­oped nu­mer­ous at­tacks to re­motely hack and con­trol smart­phones, both iOS and An­droid. “In­fected phones can be in­structed to send the CIA the user’s ge­olo­ca­tion, au­dio and text com­mu­ni­ca­tions as well as covertly ac­ti­vate the phone’s cam­era and mi­cro­phone,” read the press re­lease.

Wik­ileaks ar­gues that all these tech­niques per­mit the CIA to by­pass the en­cryp­tion of What­sApp, Sig­nal, Tele­gram, Wiebo, Con­fide and Cloack­man by hack­ing the smart­phones that they run on and col­lect­ing au­dio and mes­sage traf­fic be­fore en­cryp­tion is ap­plied. Wik­ileaks sin­gles out a project called Weep­ing An­gel, which in­fests smart TVs, trans­form­ing them into covert mi­cro­phones. The or­gan­i­sa­tion says that Weep­ing An­gel places the tar­get TV in a fake OFF mode, so that the owner falsely be­lieves the TV is off when it is in fact on.

“In ‘Fake-Off’ mode the TV op­er­ates as a bug, record­ing con­ver­sa­tions in the room and send­ing them over the in­ter­net to a covert CIA server,” said Wik­ileaks. It claimed that the project was jointly de­vel­oped by the CIA and the UK’s MI5.

Hiding back­doors from tech­nol­ogy com­pa­nies

Ed­ward Snow­den

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.