LegalRegulationSecuritySurveillance-IT

Wikileaks Documents Claim CIA Can Hack Samsung TVs, iPhones and iPads

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Watching TV but who is watching you? CIA allegedly uses Samsung TVs to spy on citizens

Whistleblowing website Wikileaks has published thousands of files that are claimed to be classified documents belonging to the Central Intelligence Agency (CIA).

The documents expose the secret hacking tools the CIA uses in order to gain access to smartphones, computers and even smart televisions (TVs connected to the Internet).

The is no official confirmation so far of the authenticity of the files, but it is worth noting that prior WikiLeaks releases that have divulged government secrets have since been acknowledged as genuine.central intelligence agency cia

Spy TV

According to WikiLeaks, the leaked documents are dated between 2013 and 2016 and came from “an isolated, high-security network” inside the CIA’s Center for Cyber Intelligence (which is the agency’s cyber defence and cyber offence division).

A total of 7,818 web pages with 943 attachments have been published, and the files were said to have been “circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

Of course, Wikileaks has not identified the culprit behind the leaks, so the data leak could still be the result of either the hacking of a foreign intelligence agency, a rogue employee, or the theft of a third party server where that data was temporarily held.

It seems that the CIA, in conjunction with other US and foreign agencies, created a number of hacking tools to exploit vulnerabilities with Windows-based PCs and laptops.

But Apple iPhones and iPads, Google’s Android smartphones, Cisco routers and Samsung Smart TVs have also been compromised.

Even worse is the news that the CIA was able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal. The files did not indicate the actual encryption of these messaging apps had been compromised.

In one case US and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television. The TV for all intents and purposes seems to be switched off, but in actual fact its microphone can record conversations in the room.

The CIA and White House declined to comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu was quoted by Reuters as saying.

Expert Take

The consensus among security experts is that the Wikileaks materials appears to be genuine, and there seemed to be little surprise at the revelations.

“I am bit surprised that this particular incident has attracted so much attention,” said Ilia Kolochenko, from web security firm, High-Tech Bridge. “The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty.

“So far, we don’t have any evidence that these capacities were used unlawfully, for example to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections,” said Kolochenko.

“I am pretty confident that US intelligence have much bigger technical resources than the garbage exposed in the leak,” said Kolochenko. “Also, intelligence agencies cooperate in many areas, including cybersecurity and cyber warfare. Therefore, the CIA’s collaboration and knowledge sharing with other agencies, such as the MI5, is obvious and is a common practice.

“It’s no surprise that the CIA is using these hacking techniques. What is unsuspected is the leak, and it’s huge,” he concluded.

Another expert wondered who was responsible for the leaks.

“So the question is who leaked it to Wikileaks? The Russians, an insider? We don’t know the answer,” asked Mikko Hypponen of F-Secure. “Another question we need to ask us, why was it leaked now? We don’t know this either.”

“In countries like the US, the Intelligence Agency’s mission is to keep the citizens of their country safe,” said Hypponen. “The Vault7 leak proves that the CIA had knowledge of iPhone vulnerabilities. However, instead of informing Apple, the CIA decided to keep it secret.

“So the leak tells us a bit about how the CIA decided to use its knowledge: it considered it more important to keep everybody unsecure than protecting its citizens from the vulnerability, and maybe use the vulnerability for its own purposes or counter terrorism purposes,” he said.

Take our Internet security quiz!