WikiLeaks released explosive documents in it Vault 7 dump, accusing the CIA of hacking iPhone and Android smartphones, apart from PCs, tablets, and Smart TVs, to spy on people across the world. A serious breach to privacy, WikiLeaks alleges that the intelligence agency adopted unethical hacking techniques to appear as hackers from foreign countries like Russia to get access to the aforementioned devices across the globe.
Tech companies like Apple, Samsung, Google, Microsoft, WhatsApp, Signal, Telegram, and Weibo were highlighted in the WikiLeaks documents to have been affected by the CIA hack. The agency's unethical hacking and surveillance have been detailed in the documents, which reveals the infiltration codes and details the strategies that the agency used to turn smartphones, tablets, smart TVs, PCs, laptops and even vehicles with remote control navigation systems into recording devices.
The WikiLeaks CIA dump served to highlight how tech companies were unwitting participants in the hacking, for failing to provide strict enough security to prevent such surveillance. WikiLeaks claims that iPhones and Google's Android phones (made by Samsung, Sony, and HTC specifically) were compromised through these hacking techniques, and since the two operating systems together hold majority of the smartphone stake in the world - the surveillance programme may have been the biggest breach in recent times.
WikiLeaks has posted 8,761 documents and files obtained from CIA's Center for Cyber Intelligence. This is the first part of the "Vault 7" series of leaks, and is being called "Year Zero". The documents cover hacking incidents from 2013 to 2016 period, and contain code, malware, and zero-day security vulnerabilities known.
Apple has fixed most flaws already
Soon after the leak, Apple issued a statement claiming that "many" of the vulnerabilities in iOS mentioned in the dump had already been fixed, and that the Apple team is rapidly ironing out all flaws that were revealed to have been known by the CIA. BuzzFeed reporter John Paczkowski tweeted Apple's statement that read, "Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhones represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."
Samsung, Microsoft, Google, and WhatsApp are 'looking into the matter'
According to USA Today, "Microsoft, Google, Samsung and WhatsApp said they are looking into the matter," but no specific statement has been made on the matter.
Telegram says its encryption is not compromised
Furthermore, once these devices are compromised, WikiLeaks alleges that the CIA can also access into several noted communication apps like WhatsApp, Weibo, Telegram, Confide, and Signal. However, it in no way claims that it could crack the encryption layer set by these apps to protect data, but just snoop in because, well, they have broken into the phones that have these apps installed.
Telegram decided to respond to this misunderstanding, and notes on its blog "Year Zero is not an app issue. It applies to devices and operating systems and will require security updates from their respective manufacturers to mitigate the threats. Naming any particular app in this context is misleading." The app makers also advice consumers to not use rooted or jailbroken devices, and install various security software required to keep malware at bay. Read the full statement on the Telegram site.
Signal is happy that end-to-end encryption still stands strong
Signal creator Moxie Marlinspike told the NY Mag, "For us, [it's] confirmation that the things we're doing are working. End-to-end encryption has pushed intelligence agencies away from undetected and unfettered mass surveillance to where they have to use high-risk and targeted attacks."