WikiLeaks' CIA document dump shows agency can compromise Android, TVs
Credit to Author: Grant Gross| Date: Tue, 07 Mar 2017 08:22:00 -0800
WikiLeaks has released more than 8,700 documents it says come from the CIA’s Center for Cyber Intelligence, with some of the leaks saying the agency had 24 “weaponized” and previously undisclosed exploits for the Android operating system as of 2016.
Some of the Android exploits were developed by the CIA, while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday.
Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.
The documents show the CIA “hoarding” undisclosed, or zero-day, exploits for a number of systems, despite promises from former President Barack Obama’s administration to share the vulnerabilities with vendors, according to the WikiLeaks analysis.
The CIA declined to comment on the authenticity of the leaks. The documents, which cover the years 2013 to 2016, amount to the “largest ever publication of confidential documents on the agency” and the “entire hacking capacity of the CIA,” WikiLeaks claimed.
Some documents released describe how the spy agency used malware and hacking tools to target iPhones and smart television sets. Others detail the CIA unit’s efforts to compromise Windows, Apple’s OS X, Linux, and routers.
One attack, called Weeping Angel, targets Samsung smart TVs and was developed by the CIA and the U.K.’s MI5, according to WikiLeaks’ analysis of the documents.
The Weeping Angel attack attempts to place the target TV in a “fake off” mode to trick the owner into believing the devices is off when it is on. In the fake off mode, the TV set can be used as a bug, recording conversations in the room and sending them over the internet to a CIA server.
In late 2014, the CIA was also looking for ways to infect vehicle software systems, according to one document.
The CIA unit’s cyber weapons could create serious problems if the agency loses control of them, WikiLeaks editor Julian Assange said in a press release.
“There is an extreme proliferation risk in the development of cyber ‘weapons,'” he said. “Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons’, which results from the inability to contain them combined with their high market value, and the global arms trade.”
Samsung and Google, the creator of the Android operating system, didn’t immediately respond to questions about potential CIA attacks against their products.
http://www.computerworld.com/category/security/index.rss