The recent WikiLeaks data dump of alleged “Vault 7” CIA documents put some people on edge. Did, as WikiLeaks contends, the government already have tools to remotely bypass encryption on iPhones or turn your Samsung TV into a listening device? For their part, Apple and Samsung say they have already fixed — or are working to fix — the vulnerabilities referenced in the leaked docs.
According to the documents released Tuesday, the CIA’s Mobile Devices Branch had developed attacks that remotely hack and control popular smartphones — including both Apple iOS and Android-based devices — in order to collect sensitive information such as audio, text messages, and location data.
In the case of Apple, the company told CNET Tuesday that the majority of the issues noted in the leaks were fixed with an iOS update released on Jan. 23.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” an Apple spokesman tells CNET. “We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
WikiLeaks also claimed Tuesday that the CIA’s Engineering Development Group had developed a project — dubbed “Weeping Angel” — that turns TVs into listening devices.
The TV’s user may believe their television is turned off, but the documents reference the ability to impose a “fake-off” state in which the TV appears to be powered down but continues to listen.
A rep for Samsung told BuzzFeed News Wednesday that it is working to address the issues detailed in the report.
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” the rep said. “We are aware of the report in question and are urgently looking into the matter.”
Another concern arising from this recent data dump involves the assertion by WikiLeaks that fully encrypted messaging systems like Signal or WhatsApp could be accessed by the CIA.
In fact, WikiLeaks boldly claimed on Twitter it had “confirmed” this ability.
However, the folks behind Signal at Open Whisper Systems challenged WikiLeaks to back up this assertion, saying there is no evidence in the leaked documents to support it.
“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” wrote the company.
Similarly, the Electronic Frontier Foundation said in a statement that it has yet to see any evidence in the documents of the CIA exploiting a vulnerability in these encrypted messaging services.
by Ashlee Kieler via Consumerist