Can of Worms: CIA Malware for Hacking Phones and TV's 'Will Be Used by Hackers'

On Tuesday WikiLeaks released Vault 7, a collection of thousands of documents leaked from the CIA's Computer Operations Group.

The documents list the vulnerabilities of popular tech products and devices such as Android, Windows, iPhone and Samsung smart TVs. 

The CIA's covert hacking program has produced more than a thousand hacking systems, using an arsenal that includes trojans, viruses and other weaponized malware, including remote control systems, WikiLeaks said in a press release.

For example, the CIA's Embedded Devices Branch (EDB) and the United Kingdom's MI5/BTSS agencies have developed a system called "Weeping Angel" which can penetrate smart TVs and turn them into covert microphones that listen in on conversations held at home.

"The CIA's Mobile Devices Branch (MDB) has developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone," Wikileaks reported.

The Vault 7 leak is probably the most significant leak yet on tech privacy and security and a comparable scandal is that which surrounded Sony's DRM Rootkit software tool in 2005, John Safa, security expert and founder of Pushfor, a secure messaging and content sharing platform for businesses, told Radio Sputnik.

"The hacking community will use this information to then create new vulnerabilities. So, effectively you are educating a lot of hackers out there in how to cause damage," Safa said.

Manufacturers like Apple, Google, Microsoft and Samsung will have to act quickly to fix the vulnerabilities revealed in Vault 7. 

Apple and Google have sought to reassure users that recent updates have already fixed many of the vulnerabilities identified by the CIA. All the companies have promised to work to address any further weaknesses.

Safa said corporate organizations will be greatly affected because programs like WhatsApp are widely used in the corporate world and could be subject to data breaches.

WhatsApp and similar free applications use public cloud servers, often based in the US, which give hackers the opportunity to breach security and gain access to messages before they reach somebody's device and are encrypted. 

"If you can do that and exploit the vulnerabilities of the phone, then they can do whatever they want," Safa said.

"I don't think it (Vault 7) has been hacked, I think it's been leaked and the leak has probably occurred by people working internally. Significant amounts of content leakage is normally done by people working internally within an organization. It's obviously caught them very unaware. I think the difficulty for security services is that now this information is in the hands of hackers they will be able to exploit this information as well," Safa said.

Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed!