Can of Worms: CIA Malware for Hacking Phones and TV's 'Will Be Used by Hackers'

CC0 / / Hacker
Hacker - Sputnik International
WikiLeaks' Vault 7 release of documents about the CIA's hacking attacks on popular tech products is probably the most damaging yet for the tech industry, and will be used by hackers to exploit the vulnerabilities identified by the CIA, security expert John Safa told Radio Sputnik.

On Tuesday WikiLeaks released Vault 7, a collection of thousands of documents leaked from the CIA's Computer Operations Group.

The documents list the vulnerabilities of popular tech products and devices such as Android, Windows, iPhone and Samsung smart TVs. 

The CIA's covert hacking program has produced more than a thousand hacking systems, using an arsenal that includes trojans, viruses and other weaponized malware, including remote control systems, WikiLeaks said in a press release.

For example, the CIA's Embedded Devices Branch (EDB) and the United Kingdom's MI5/BTSS agencies have developed a system called "Weeping Angel" which can penetrate smart TVs and turn them into covert microphones that listen in on conversations held at home.

"The CIA's Mobile Devices Branch (MDB) has developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone," Wikileaks reported.

The lobby of the CIA Headquarters building in McLean, Virginia. - Sputnik International
CIA Hackers: Why WikiLeaks 'Vault 7' Becomes a Wake-Up Call For Users, IT Giants
The Vault 7 leak is probably the most significant leak yet on tech privacy and security and a comparable scandal is that which surrounded Sony's DRM Rootkit software tool in 2005, John Safa, security expert and founder of Pushfor, a secure messaging and content sharing platform for businesses, told Radio Sputnik.

"The hacking community will use this information to then create new vulnerabilities. So, effectively you are educating a lot of hackers out there in how to cause damage," Safa said.

Manufacturers like Apple, Google, Microsoft and Samsung will have to act quickly to fix the vulnerabilities revealed in Vault 7. 

Apple and Google have sought to reassure users that recent updates have already fixed many of the vulnerabilities identified by the CIA. All the companies have promised to work to address any further weaknesses.

Safa said corporate organizations will be greatly affected because programs like WhatsApp are widely used in the corporate world and could be subject to data breaches.

Vladimir Putin speaks by phone (File) - Sputnik International
Russia Takes Into Account WikiLeaks Report of CIA Attempts to Wiretap Putin
WhatsApp and similar free applications use public cloud servers, often based in the US, which give hackers the opportunity to breach security and gain access to messages before they reach somebody's device and are encrypted. 

"If you can do that and exploit the vulnerabilities of the phone, then they can do whatever they want," Safa said.

"I don't think it (Vault 7) has been hacked, I think it's been leaked and the leak has probably occurred by people working internally. Significant amounts of content leakage is normally done by people working internally within an organization. It's obviously caught them very unaware. I think the difficulty for security services is that now this information is in the hands of hackers they will be able to exploit this information as well," Safa said.

Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed! 

To participate in the discussion
log in or register
Заголовок открываемого материала