Criminal hackers are not the only ones with the skills to break into your devices; the CIA, according to WikiLeaks, can do so and has done so as well.
The NSA, it seems, isn’t the only American spy agency hacking the world. Judging by a new, nearly 9,000-page trove of secrets from WikiLeaks, the CIA has developed its own surprisingly wide array of intrusion tools, too.
On Tuesday morning, WikiLeaks released what it’s calling Vault 7, an unprecedented collection of internal CIA files—what appears to be a kind of web-based wiki—that catalogs the agency’s apparent hacking techniques. And while the hordes of security researchers poring through the documents have yet to find any actual code among its spilled secrets, it details surprising capabilities, from dozens of exploits targeting Android and iOS to advanced PC-compromise techniques and detailed attempts to hack Samsung smart TVs, turning them into silent listening devices.
“It certainly seems that in the CIA toolkit there were more zero-day exploits than we’d estimated,”
says Jason Healey, a director at the Atlantic Council think tank, who has focused on tracking how many of those “zero-days”—undisclosed, unpatched hacking techniques—the US government has stockpiled. Healey says that he had previously estimated American government agencies might have held onto less than a hundred of those secret exploits.
“It looks like CIA might have that number just by itself.”
The leak hints at hacking capabilities that range from routers and desktop operating systems to internet-of-things devices, including one passing reference to research on hacking cars. But it seems to most thoroughly detail the CIA’s work to penetrate smartphones: One chart describes more than 25 Android hacking techniques, while another shows 14 iOS attacks.
Given the CIA’s counterterrorism work—and the ability of a phone exploit to keep tabs on a target’s location—that focus on mobile makes sense, Healey says.
“If you’re going to be trying to figure where Bin Laden is, mobile phones are going to be more important.”
The smartphone exploits listed, it’s important to note, are largely old. Researchers date the leak to sometime between late 2015 and early 2016, suggesting that many of the hacking techniques that may have once been zero days are now likely patched. The leak makes no mention of iOS 10, for instance. Google and Apple have yet to weigh in on the leak and whether it points to vulnerabilities that still persist in their mobile operating systems. Android security researcher John Sawyer says he has combed the Android attacks for new vulnerabilities and found “nothing that’s scary.”
He also notes, though, that the leak still hints at CIA hacking tools that have no doubt continued to evolve in the years since.
“I’m quite sure they have far newer capabilities than what’s listed,” Sawyer says.
Targeting Android, for instance, the leak references eight remote-access exploits—meaning they require no physical contact with the device—including two that target Samsung Galaxy and Nexus phones and Samsung Tab tablets. Those attacks would offer hackers an initial foothold on target devices: In three cases, the exploit descriptions reference browsers like Chrome, Opera, and Samsung’s own mobile browser, suggesting that they could be launched from maliciously crafted or infected web pages. Another 15 tools are marked “priv,” suggesting they’re “privilege escalation” attacks that expand a hacker’s access from that initial foothold to gain deeper access, in many cases the “root” privileges that suggest total control of the device. That means access to any onboard files but also the microphone, camera, and more.
The iOS vulnerabilities offer more piecemeal components of a hacker tool. While one exploit offers a remote compromise of a target iPhone, the WikiLeaks documents describe the others as techniques to defeat individual layers of the iPhone’s defense. That includes the sandbox that limits applications’ access to the operating system and the security feature that randomizes where a program runs in memory to make it harder to corrupt adjacent software.
“Definitely with these exploits chained together