Seven reasons to distrust your devices: these are the CIA's espionage secrets
The Edward Snowden leaks that in 2013 showed how the NSA and other intelligence agencies spied on us already shook our world, but yesterday's revelation of Vault 7 and its almost 9,000 secret CIA documents has again demonstrated that such bodies attack all kinds of devices (your Smart TV, your smartphone, and soon your connected car) to collect data and to control those products at will for all kinds of purposes.
These leaked documents make it clear that we should be even more concerned about our privacy and security. Privacy, as we said a long time ago, is necessary, and it is easy to dismantle the argument of ‘I have nothing to hide’, which now comes back to us alongside revelations that make us distrust our devices more than ever. Devices that listen to us even when we do not want them to, for who knows what purpose. These are the reasons that should make you distrust them.
1. Vault 7 consists of 7 parts: these 9,000 documents are just one of them
The first thing to keep in mind is that this leak of documents from between 2013 and 2016 is only the first of a set of seven large confidential data leaks that are likely to have an even greater reach than many would imagine.
It is hard to imagine what more the documents still to be released could reveal, because the truth is that the 8,761 confidential files extracted from the CIA servers make it clear that, if this agency wants to spy on you, it will be difficult to avoid.
The novelty is not that our devices are vulnerable: any cybercriminal with sufficient motivation, time and resources will be able to access virtually any device on the planet. The novelty is that it is the CIA that does it, threatening the security and privacy of both US and non-US citizens.
2. Backdoors: they are born, they reproduce, and the US government leaves them open
Edward Snowden commented on Twitter that the first major revelation of these documents was the demonstration that US intelligence agencies not only try to leverage software backdoors: they create them and leave them open.
As the experts point out, there is another problem intrinsic to these leaks: the security holes that have been revealed, and that the CIA has exploited or can exploit, may remain open. Other hackers or cybercriminals could take advantage of them for their own benefit. It is like a big Pandora’s box of vulnerabilities.
3. If you have an iOS- or Android-based device, you are exposed
One of the documents showed, for example, data on exploits for iOS, the operating system that runs on iPhones and iPads. With names such as Archon, Dyonedo, Earth or Elderpiggy (there are many more), they made it possible to exploit critical vulnerabilities in devices that were used to spy on journalists and human rights groups.
Some of these exploits were not even developed by the CIA, but were purchased directly from cybercriminals and then used against iPhones that the agency was interested in “keeping under control.” Agencies such as the NSA or GCHQ (British intelligence) were also in on it.
What happens on iOS devices also happens on Android-based smartphones and devices, for which the CIA had a list of tools that exploited vulnerabilities present in, for example, Chrome in order to control those devices remotely, either completely or at least partially.
4. If you have a computer based on Windows, macOS or Linux, you are exposed
The post-PC era does not exist for the CIA, whose efforts to infect all kinds of products with malware that allows remote access to their resources do not seem to end.
One of the documents shows various techniques for trying to exploit vulnerabilities in systems such as UAC (User Account Control), although the detailed information does not seem to be available on the WikiLeaks pages, probably so that others cannot take advantage of even more detailed code and information.
‘Zero day’ vulnerabilities are in that repertoire, as well as viruses such as Hammer Drill, which infects software from CDs and DVDs (two increasingly disused formats, yes), or infections for USB drives.
Windows systems are not the only ones affected: macOS (OS X), Solaris and Linux are also among the systems that the CIA wanted to keep under control with tools like HIVE, a suite of malware aimed at controlling computers based on these platforms.
5. If you have a Smart TV, you could be exposed
The new connected or “smart” televisions have made it possible for us to access a large amount of content directly and comfortably, but they have also introduced a clear threat to users, both from manufacturers and from the CIA, which also wanted to take advantage of the popularity of these devices.
The horror stories multiply now that we know that the CIA actually had a program called “Weeping Angel”, described in detail by The Intercept, that was intended to gain remote access to Samsung Smart TVs in order to, for example, remotely enable the microphone even when the TV appeared to the user to be turned off. That was the so-called ‘Fake-off mode’.
Although no other brands are mentioned, that same program could be applied (or adapted) to other manufacturers’ Smart TVs. As cybersecurity and encryption expert Kenneth White says, Smart TVs “are historically a fairly simple target and a pretty good attack platform”. In fact, this expert said that “there is zero chance that the CIA will only target Samsung Smart TVs. It is too easy to modify other embedded operating systems.”
6. Zero Days and Unfulfilled Promises
Among the most famous vulnerabilities are ‘zero days’, software vulnerabilities that are discovered by someone but not revealed to the manufacturer. These security holes are especially valuable to cybercriminals, who often sell them to the highest bidder or even to the manufacturer itself, as outright industrial blackmail.
In the United States, the Obama administration created a process precisely to force its agencies to communicate such discoveries to companies, to avoid problems both for these companies and for the users of their products.
The leaked “Year Zero” documents (this first batch) reveal that the CIA took exception to this government commitment, and in fact reveal how, for example, the malware described in these documents would make it possible “to penetrate, infest and control both the Android and iOS phone software that runs or has run the Twitter account of the President of the United States”, probably a clear allusion, without making it directly, to the danger that this could mean for Donald Trump, who continues to use Twitter frequently.
7. WhatsApp, Telegram or Signal are “secure”, but the devices on which we use them are not
Various messaging applications have long offered end-to-end encryption for their communications. WhatsApp, Telegram and Signal are among the best known, but the problem does not lie with them, because the CIA can still spy on the messages that are sent when using them.
How do they do that? Easy: they already have control of iOS and Android, the mobile platforms on which those applications run, and that gives them access to a lower software layer from which they can also control those transfers of text and files.
In fact, those applications are only as secure as the devices on which they are used. If the operating system can be controlled by a third party, the messages can be read before they are encrypted and sent. WhatsApp or Signal encryption works, but malware, as usual, cheats.