How the CIA sneaked into homes and pockets, turning TVs and smartphones against their users
‘Anyone who thought the CIA couldn’t hack into devices was living in a fantasy world’
The latest revelations about the US government’s powerful hacking tools potentially take surveillance right into the homes and pockets of billions of technology users worldwide, showing how a remarkable variety of everyday devices can be turned to spy on their owners.
Televisions, smartphones and even anti-virus software are all vulnerable to CIA hacking, according to WikiLeaks documents released Tuesday. The capabilities described include recording the sounds, images and private text messages of users, even when they resort to encrypted apps to communicate.
While many of the attack technologies had been previously discussed at cybersecurity conferences, experts were startled to see evidence that the CIA had turned so many theoretical vulnerabilities into functioning attack tools against staples of modern life. These include widely used Internet routers, smartphones, and Mac and Windows computers.
In the case of a tool called “Weeping Angel” for attacking Samsung smart TVs, WikiLeaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
The CIA reportedly also has studied whether it could infect vehicle control systems for cars and trucks, which WikiLeaks alleged could be used to conduct “nearly undetectable assassinations.”
And a specialised CIA unit called the Mobile Devices Branch produced malware to control and steal information from iPhones, which according to WikiLeaks were a particular focus because of the smartphone’s popularity “among social, political, diplomatic and business elites.” The agency also targeted popular phones running Google’s Android, the world’s leading mobile operating system.
WikiLeaks said it redacted lists of CIA surveillance targets, though it said they included targets and machines in Latin America, Europe and the United States. The anti-secrecy group also said that by developing such intrusive technology - rather than helping tech companies patch flaws in their products - the CIA was undermining efforts to protect the cybersecurity of Americans.
“The argument that there is some terrorist using a Samsung TV somewhere - as a reason to not disclose that vulnerability to the company, when it puts thousands of Americans at risk - I fundamentally disagree with it,” said Alex Rice, chief technology officer for HackerOne, a startup that enlists hackers to report security gaps to companies and organisations in exchange for cash.
The trove released Tuesday, which could not be independently verified and which the CIA has declined to confirm, included 8,761 documents - the first batch in a series of planned releases, WikiLeaks said.
This first group, at least, has important differences from the 2013 revelations by former National Security Agency contractor Edward Snowden. His trove of documents largely described mass surveillance of Internet-based communications systems, while the WikiLeaks release more often describes attacks on individual devices.
By targeting devices, the CIA reportedly gains access to even well-encrypted communications on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The WikiLeaks reports acknowledged that difference by saying that the CIA had found ways to “bypass,” as opposed to defeat, encryption technologies.
“The idea that the CIA and NSA can hack into devices is kind of old news,” said Johns Hopkins University cryptography expert Matthew Green. “Anyone who thought they couldn’t was living in a fantasy world.”
Snowden’s revelations and the resulting backlash made strong encryption a major, well-funded cause for privacy advocates and, perhaps more important, technology companies that had the engineering expertise and budgets to protect data as it flowed across the world.
Encrypting apps for private messaging, such as Signal, Telegram and WhatsApp, exploded in popularity, especially among users around the world who were fearful of government intrusion. In the days after the US presidential election last fall, Signal was among the most downloaded programs in Apple’s app store, and downloads grew by more than 300 per cent.
Open Whisper Systems, which developed Signal, released a statement Tuesday saying, “The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.”
WhatsApp declined to comment, and Telegram did not respond to requests for comment. Google declined to comment, while Samsung and Apple did not respond to requests for comment.
US government authorities had complained loudly that the post-Snowden wave of encryption was undermining their ability to investigate serious crimes, such as terrorism and child pornography. The FBI in 2016 sued Apple in hopes of forcing it to unlock an iPhone used by the San Bernardino, California, killers before announcing, amid heavy public criticism, that it had other ways to crack the device.
Against that backdrop, many privacy advocates argued that devices - often called “endpoints” for their place in chains of communications that can criss-cross continents - were the best available targets in a world with widespread online encryption. The WikiLeaks documents suggest that the CIA may have reached the same conclusion.