WikiLeaks has published a new series of leaks called "Year Zero" that comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA. It contains a description of the specific techniques used by the CIA in monitoring and eavesdropping of mobile phones, computers and smart TVs.
Disclosed documents revealed that the CIA collects instructions on how to attack operating systems of computers and mobile phones, which allows them to access to such devices. Among the devices that are affected are even Samsung smart TVs. CIA was also looking at infecting the vehicle control systems used by modern cars and trucks.
What is the problem and who is affected?
Published vulnerabilities are based on “zero day” attacks (see in FAQ below for details). It affects all most used operating systems including Windows, iOS, Android and Linux. It’s claimed that they’re able to remotely activate the microphone of some smart TVs to eavesdrop sound from that room.
WikiLeaks #Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryptionhttps://t.co/h5wzfrReyy— WikiLeaks (@wikileaks) March 7, 2017
Affected are most users who are using common encryption apps (many of them are listed in the published articles). Security of these apps is based solely on encryption of transmitted data between the devices and does not cover data at rest. Basic encryption of data transmission is not a technical challenge anymore but it does not ensure the security. Most encryption apps use a lot of functions provided by the operating systems to store and handle your sensitive and confidential data directly on the mobile devices. In this case a hacker can access your data using the vulnerabilities in the operating systems.
Silentel implements many additional security features, not only the encryption of transmitted data but also to protect your data on the device itself. Silentel never stores sensitive and confidential data on the user’s device, not even the contact list. Silentel always uses the microphone with exclusive access – no other application can use the microphone when it’s used by Silentel. This means that no spyware or hacker will retrieve any sensitive information (like voice calls, text messages, files and contacts) from the user’s device or record sound directly from the microphone when using Silentel.
What to do and how to protect your privacy
The best advice what you can get is to stop using smart phones, computers and all other smart and intelligent technology. But we don’t believe that this is in any way possible. Smart modern technologies are everywhere around us and will only continue to grow (i.e. cars, intelligent home appliances, intelligent refrigerators).
These are three basic rules to always follow:
1. Revise applications that you’re using to protect your data and privacy
This case confirmed (once again) that there is a big difference between semi-secured apps and a complex security solution proven by many independent official certifications.
2. Never install unknown applications and applications from untrusted sources
This case also confirmed that stories about remotely activating the microphone in a mobile phone only by functions of operating systems are only rumours. Yes, such scenarios exist but hackers always need some malware or trojan installed on the user’s device.
3. Always install the latest updates
And finally, this case also proves that operating systems vendors don’t put backdoors in their software on purpose to help the national intelligence agencies. All published “Year Zero” vulnerabilities are possible only if you’re using not up-to-date software. If any backdoors were available the CIA wouldn’t need to rely on zero-day vulnerabilties with a very limited usable time frame.
Frequently asked questions
What’s “Vault 7”
“Vault 7” is code-name by WikiLeaks for a new series of leaks on the U.S. Central Intelligence Agency.
What’s “Year Zero”?
“Year Zero” is the first part of the series, introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
What’s “zero day” attack?
A zero day vulnerability refers to a hole in software (in this case it refers to a hole in operating system of mobile phones, PCs and TVs) that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it and hurries to fix it.
wikileaks.org: Vault 7 - CIA Hacking Tools Revealed
wired.com: How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks)