The CIA is allegedly using “weaponized” hacking tools to break into phones, televisions and other devices, according to documents released by WikiLeaks, once again raising major concerns about privacy.
WikiLeaks said that part one of the documents “already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.” Despite the extraordinary scale, post-Snowden, the Vault 7 revelations serve mainly as a reminder of the difficulty in ensuring security across a hyper-connected world.
“Of course the CIA, and probably most of the world’s spy agencies, are looking for vulnerabilities and attempting to exploit them,” Vince Steckler, CEO of security firm Avast, said in an emailed comment to Newsweek . “This news…merely confirms nation-state capabilities. The latest set of leaks actually serves to bring to our attention the very real challenge of securing targeted platforms,” he added.
While security experts have called for industry collaboration and open platforms between security vendors and mobile operating systems, they also have advice for people concerned that they might be being spied on. In order to avoid giving hackers easy access to spy on you, security experts provided the following advice to Newsweek:
Always update your devices to the latest version of firmware, especially if the update lists security fixes.
Do not root or jailbreak your phone, ie., don’t remove software restrictions imposed by the manufacturer’s operating system.
Only download apps from legitimate stores—iTunes or Google Play.
Be careful when opening attachments or clicking on links in email messages.
If you are a business then make sure that your organization has solid email security solutions in place, including advanced threat protection capabilities. More than 90 percent of attacks start with the email.
Do not browse websites you are not familiar with and assure that they are secured with the valid certificate—look for the padlock icon/ green bar in the browser.
Security researchers say it is hard to know if your device has already been compromised. Wieland Alge, a manager at Barracuda, suggests the only truly safe approach is to abandon modern technology.
However, if a completely Luddite approach doesn’t suit, you can make some changes. “If you work on the basis that you suspect someone is eavesdropping or wiretapping you, then you should quickly change your attitude and behavior quite dramatically towards these devices,” Alge tells Newsweek.
Alge suggests using cheap TVs with limited functionality, changing your mobile phone and SIM card regularly, and avoiding smart cars.
“This all could be unrealistic in this day and age,” Alge says. “However if you feel you are compromised and need to stay secure, unfortunately this could be the only way to do so.”
The Vault 7 documents dumped by WikiLeaks allege if a device has already been compromised, then encryption techniques used by messaging apps like WhatsApp to keep conversations private are effectively obsolete.
WhatsApp has said it is looking into the matter, but privacy groups have stood behind the push many tech companies have taken towards digital security.
It is likely that any CIA’s hacking tools are only being used against a select number of people and will not affect most users of these apps, according to Ed Johnson-Williams, a privacy advocate at Open Rights Group.
“If the CIA is so interested in you personally that they would hack your phone, then yes you are vulnerable to attack. This is not new,” Johnson-Williams said in a blogpost.
“Most of us, however, are not national security journalists reporting on sensitive state secrets so the CIA hacking our phone is very unlikely. We can and should still use encrypted messaging apps to help keep our messages private and secure from people who aren’t as powerful and well-resourced as the CIA.”