Accessibility links

Alleged CIA Hacking Techniques Lay Out Online Vulnerability 


FILE - CIA Director Mike Pompeo testifies before a Senate Intelligence hearing during his nomination process, in Washington, Jan. 12, 2017.

If this week’s WikiLeaks document dump is genuine, it includes a CIA list of the many and varied ways the electronic device in your hand, in your car, and in your home can be used to hack your life.

It’s simply more proof that, “it’s not a matter of if you’ll get hacked, but when you’ll get hacked.” That may be every security expert’s favorite quote, and unfortunately they say it’s true. The WikiLeaks releases include confidential documents the group says exposes “the entire hacking capacity of the CIA.”

The CIA has refused to confirm the authenticity of the documents, which allege the agency has the tools to hack into smartphones and some televisions, allowing it to remotely spy on people through microphones on the devices.

Watch: New Generation of Hackable Internet Devices May Always Be Listening

WikiLeaks also claimed the CIA managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram.

For some of the regular tech users, news of the leaks and the hacking techniques just confirms what they already knew. When we’re wired 24-7, we are vulnerable.

“The expectation for privacy has been reduced, I think,” Chris Coletta said, “... in society, with things like WikiLeaks, the Snowden revelations ... I don’t know, maybe I’m cynical and just consider it to be inevitable, but that’s really the direction things are going.”

The internet of things

The problem is becoming even more dangerous as new, wired gadgets find their way into our homes, equipped with microphones and cameras that may always be listening and watching.

One of the WikiLeaks documents suggests the microphones in Samsung smart TV’s can be hacked and used to listen in on conversations, even when the TV is turned off.

Security experts say it is important to understand that in many cases, the growing number of wired devices in your home may be listening all the time.

“We have sensors in our phones, in our televisions, in Amazon Echo devices, in our vehicles,” said Clifford Neuman, the director of the Center for Computer Systems Security, at the University of Southern California. “And really almost all of these attacks are things that are modifying the software that has access to those sensors, so that the information is directed to other locations. Security practitioners have known that this is a problem for a long time.”

Neuman says hackers are using the things that make our tech so convenient against us.

“Certain pieces of software and certain pieces of hardware have been criticized because, for example, microphones might be always on,” he said. “But it is the kind of thing that we’re demanding as consumers, and we just need to be more aware that the information that is collected for one purpose can very easily be redirected for others.”

Tools of the espionage trade

The WikiLeaks release is especially damaging because it may have laid bare a number of U.S. surveillance techniques. The New York Times says the documents it examined lay out programs called “Wrecking Crew” for instance, which “explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.”

Steve Grobman, chief of the Intel Security Group, says that’s bad not only because it can be done, but also because so-called “bad actors” now know it can be done. Soon enough, he warns, we could find our own espionage tools being used against us.

“We also do need to recognize the precedents we set, so, as offensive cyber capabilities are used ... they do give the blueprint for how that attack took place. And bad actors can then learn from that,” he said.

So how can tech-savvy consumers remain safe? Security experts say they can’t, and to remember the “it’s not if, but when” rule of hacking.

The best bet is to always be aware that if you’re online, you’re vulnerable.

XS
SM
MD
LG