WikiLeaks unveiled its latest dump of secret information, dubbed Vault 7, to the world on March 7. The popular news-leaking website claims that the CIA has lost control of most of its hacking arsenal. This arsenal includes malware, viruses, and trojans. The CIA has also hoarded and weaponized something called “Zero Day” exploits, which take advantage of holes in software that are unknown to the manufacturer. Such a security hole can then be exploited by hackers before the manufacturer becomes aware of it and attempts to fix it.
To put this simply, the CIA has the capability to take control of smart TVs, personal computers, smartphones, and even newer car models that rely heavily on computers within the vehicle.
The attack against smart TVs, specifically those made by Samsung, allows the TVs to remain in a “fake off mode” in which they could act as a microphone, transmitting information back to a CIA server. This process is nicknamed “Weeping Angel,” an ironic but fitting name for the malicious program.
Cell phones go through different models and receive constant updates. Software updates are meant to work out any kinks, or holes in the software, that made their way through the factory. Some flaws can remain unfixed, and certain malicious programs can take advantage of those unfixed issues. Taking advantage of flaws in software is something of a specialty for the CIA.
According to WikiLeaks, the CIA’s Mobile Devices Branch (MDB) has developed numerous attacks and programs that can remotely hack and control smartphone devices. Infected devices can then be instructed to send the user’s location, audio, and text communications, and even secretly activate the phone’s cameras and microphone. No brand or model of smartphone is safe, but iPhones and Android devices are in the spotlight due to their popularity.
Since 2014, the CIA has had an interest in manipulating the vehicle control systems in newer models of cars. Most, if not all, car models made within the last few years have computers within them that more efficiently perform tasks that purely mechanical cars could accomplish in the past. Certain parts of new cars are controlled electronically, like the accelerator and brake pedals.
“The purpose of such [vehicle] control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations,” as explained by WikiLeaks. This idea has not been proven to be true, nor has any evidence of “CIA assassinations” emerged. While the claim about vehicle manipulation may seem outlandish, it is still a possibility and one that the CIA is supposedly working on.
The attack on smartphones is, for obvious reasons, the most off-putting piece from the WikiLeaks article. Not every family has a smart TV, not everyone has a brand-new car, but 68% of American adults have a smartphone. That percentage covers only adults; anyone still in school is not accounted for in the estimate. The vast majority of students at Metea Valley alone have a smartphone, as evidenced by teachers having to remind students to put away their phones during class. This affects all of us, not just adults. What the CIA is doing to this country affects everyone.
CIA • Apr 4, 2017 at 10:19 am
I think this is a step in the right direction.
The Diddler • Mar 23, 2017 at 8:01 am
What about Vault 111? Should we be worried about that one?
Gowtham S • Mar 17, 2017 at 2:29 pm
I hope the CIA didn’t find my browser history.
Vault guy • Mar 17, 2017 at 10:59 am
But Fallout is a game silly billy.
X3 • Mar 17, 2017 at 10:28 am
Honestly, this article is like most of the other articles on the leak (and the leak itself) – hyperbolic and clickbaity. The dump itself is merely an internal CIA wiki with documentation for their tools – the tools themselves are not included. There is nothing in the wiki that suggests that the CIA can easily break into smart TVs or smartphones – the purported Samsung Smart TV hack is somewhat interesting, but it is simply a modified firmware image that has to be updated via a flash drive (requiring physical access). This is true for the vast majority of the tools – they require physical access to a target device. This applies to the mobile tools too, which also target extremely out of date operating systems – Android 4.x and iOS 7/8 (both of which have numerous publicly-known vulnerabilities). IMO, the only thing that is interesting is the UEFI rootkit, but it’s not a new concept nor unique (some researchers have demonstrated even worse – SMM and Intel ME rootkits – as early as 2009) – I’m in the process of writing one.
As for the tools themselves, it is laughable to think that a spy agency would not have such capabilities. In fact, I would be somewhat concerned if they did not. There was nothing in the wiki that suggested that the tools were used to illegally spy on American citizens like the NSA. In fact, the documentation shows that the tools are only really useful in specific, targeted attacks (which is pretty much what you would expect).
It is also somewhat laughable to see the CIA as evil for “hoarding” zero days. If that’s the case, I guess I’m just as evil (have done some UEFI/SMM stuff), and so are many other researchers and developers. If teenagers on Twitter (Luca Todesco) can find zero days in recent versions of iOS (without reporting them to Apple), I guess the CIA can, too.
Technologically Adept • Mar 17, 2017 at 9:58 am
You spelled WikiLeaks wrong in the title.