WikiLeaks said the documents show the CIA’s hackers have developed malware to be able to hack into nearly any device people use and can remotely control iPhones, iPads, Android devices, taking video from their cameras and listening with their microphones.
Companies named in the leak, including Apple, Google, Microsoft and Samsung, said this week that they are investigating the claims and patching security holes.
“These exploits are in the wild now, everyone can use them, so everyone will”, said Gartner analyst and cybersecurity specialist Avivah Litan.
That’s the message coming out of the CIA following yesterday’s massive “Vault 7” intelligence dump by the whistleblowing site.
Assange ridiculed the CIA for failing to guard information about its online arsenal, allowing it to be passed around within the intelligence community.
“CIA’s mission is to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries”. “As these leaks show, we’re all made less safe by the CIA’s decision to keep-rather than ensure the patching of-vulnerabilities”. “And CIA does not do so”, Liu said. A sequence of USA intelligence leaks is starting to look less like a trend than the symptom of a deeper reality that nothing can be kept secret by anyone.
On Tuesday WikiLeaks revealed 8,761 documents and files – but not source code, names, email addresses and external IP addresses – from what is said is “an isolated, high-security network” inside the Central Intelligence Agency.
According to officials, federal budget constraints had led to a rapid rise in the number of people with access to information with the highest classification of secrecy.
It was not clear how WikiLeaks planned to cooperate with tech companies, which had asked to work with it and which would accept Assange’s offer. Just like zero day exploits, anybody with the right knowledge-regardless of whether they have good or ill intent-would be able to exploit an encryption backdoor. They questioned whether Assange was attempting to further drive a wedge between the technology industry and the US government.
“There is absolutely nothing illegal in the contents of any of this stuff”, writes security expert Bruce Schneier. While not formally charged in the US, he has said he fear he’ll be arrested if and when he exit Ecuador’s embassy in London and ultimately tried for espionage over his role in Manning’s leaks and other disclosures. “But we know they’ve had it for some time and haven’t done so”. That means tech companies would be unlikely to face any legal liability for digging deeper with WikiLeaks.
Apple declined to comment on Assange’s statements.
What’s more, the exploits it detailed were manageable enough that Apple had already patched many of them, the company told HuffPost in a statement.
“Our products and software are created to quickly get security updates into the hands of our customers, with almost 80 per cent of users running the latest version of our operating system”.
Justin Cappos, a computer security professor in New York University’s Tandon School of Engineering, said any group that had this information first – whether it was WikiLeaks or a government agency – should have worked to disclose it to tech companies before making it public. The leaked technology may serve as a deterrent for some USA adversaries who are tempted to ramp up their own offensive cyberoperations in the future, according to Larry Johnson, a Secret Service veteran and chief strategy officer at the cybersecurity firm CyberSponse.