On Tuesday, we all got a little less comfortable sitting next to the electronics in our home when WikiLeaks dropped a bombshell report detailing how the CIA could spy on people by taking advantage of vulnerabilities in our devices. The report uncovered ways the CIA could hack into everything from computers and phones to routers and smart TVs. Now, some of the tech companies named in the report are trying to offer some peace of mind with their reactions.
Dubbed Vault 7, the report contained claims like how the CIA’s Engineering Development Group took advantage coding loopholes in iOS and Android devices that let them spy on voice and text recordings. The group could even hack into messages sent via encrypted apps like Signal and Whatsapp by targeting vulnerabilities in the operating systems themselves prior to encryption.
Apple reacted with a statement on Tuesday that a vast majority of the issues identified in the leaks were fixed in the latest iOS update January 23rd. So you should install that most recent iOS update now if you haven’t already.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” an Apple spokesperson said in a statement to TechCrunch. “We always urge customers to download the latest iOS to make sure they have the most recent security updates”
Google also responded they’d patched the problems – though they didn’t specify when.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” said Heather Adkins, director of information security and privacy, in a statement to USAToday. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”
Another claim contained in Vault 7, dubbed Weeping Angel, outlined how the CIA could hack into Samsung TVs and put it into a “false off” mode while listening in on conversations of unsuspecting victims. Now Samsung released a statement saying they’re looking into the vulnerability.
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” reads Samsung’s statement to the BBC. “We are aware of the report in question and are urgently looking into the matter.”
WikiLeaks’s data dump on Tuesday included 8,761 documents and files obtained from CIA’s Center for Cyber Intelligence. The whistleblower organization claims the data dump is only the first part of the Vault 7 series and is being called Year Zero. They cover hacking incidents from 2013 to 2016.
We can expect more dirt to come. On the heels of Edward Snowden’s revelation of just how much data the NSA was collecting on US citizens, this has got to come as another black eye for federal agencies. Not only do they need to deal with the fallout this will cause with Silicon Valley and the public’s trust. The claims raise serious questions about whether their tactics present government overreach.
WikiLeaks editor in chief Julian Assange stated the source of the leaks wanted to take the CIA’s actions to the public for judgement.
“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency,” Assange wrote.
Assange also said he wanted to help the tech companies named in the report fix their vulnerabilities to protect against further CIA spying. In a Facebook Live event on Thursday, he said he would give the companies technical details of the hackings in a show of support.
“Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure,” Assange said during the video stream.