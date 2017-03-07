WikiLeaks' CIA document dump shows agency can compromise Android, TVs

The website releases more than 8,700 documents it says are from a CIA cyber unit

|

Senior Editor, IDG News Service |

WikiLeaks has released thousands of documents it says are from the CIA.
Credit: Michelle Maher
Related

WikiLeaks has released more than 8,700 documents it says come from the CIA's Center for Cyber Intelligence, with some of the leaks saying the agency had 24 "weaponized" and previously undisclosed exploits for the Android operating system as of 2016.

Some of the Android exploits were developed by the CIA, while others came from the U.S. National Security Agency, U.K. intelligence agency GCHQ, and cyber arms dealers, according to the trove of documents released Tuesday. 

Some smartphone attacks developed by the CIA allow the agency to bypass the encryption in WhatsApp, Confide, and other apps by collecting audio and message traffic before encryption is applied, according to the WikiLeaks analysis.

The documents show the CIA "hoarding" undisclosed, or zero-day, exploits for a number of systems, despite promises from former President Barack Obama's administration to share the vulnerabilities with vendors, according to WikiLeaks analysis.

The CIA declined to comment on the authenticity of the leaks. The documents, which cover the years 2013 to 2016, amount to the "largest ever publication of confidential documents on the agency" and the "entire hacking capacity of the CIA," WikiLeaks claimed.

Some documents released describe how the spy agency used malware and hacking tools to target iPhones and smart television sets. Others detail the CIA unit's efforts to compromise Windows, Apple's OS X, Linux, and routers.

One attack, called Weeping Angel, targets Samsung smart TVs and was developed by the CIA and the U.K.'s MI5, according to WikiLeaks' analysis of the documents.

The Weeping Angel attack attempts to place the target TV in a "fake-off" mode to trick the owner into believing the devices is off when it is on. In the fake-off mode, the TV set can be used as a bug, recording conversations in the room and sending them over the internet to a CIA server.

In late 2014, the CIA was also looking for ways to infect vehicle software systems, according to one document.

The CIA unit's cyber weapons could create serious problems if the agency loses control of them, WikiLeaks editor Julian Assange said in a press release.

"There is an extreme proliferation risk in the development of cyber 'weapons,' he said. "Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade."

Samsung and Google, the creator of the Android operating system, didn't immediately respond to questions about potential CIA attacks against their products.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Grant Gross edits and assigns stories and writes about technology and telecom policy in the U.S. government for the IDG News Service. He is based outside of Washington, D.C.

Must read: 10 new UI features coming to Windows 10
You Might Like
Don't Miss
amd is ryzen
AMD's Ryzen processor forces hefty price cuts from Intel

AMD’s Ryzen processor isn’t out yet, but the buzz is so strong Intel is cutting its chip prices...

aws logo stock reinvent
AWS says a typo caused the massive S3 failure this week

Everyone makes mistakes. But working at Amazon Web Services means an incorrectly entered input can lead...

best buy geek squad car
Why you shouldn't trust Geek Squad ever again

The U.S. government reportedly pays Geek Squad technicians to dig through your PC for files to give to...

Resources
Top Stories
hci
Cisco reinforces HyperFlex hyperconvergence system with power, management

It has been almost a year since Cisco jumped into the hyperconverged arena and while the HyperFlex...

MWC HP HPE booth sign
HPE to pay $1 billion for Nimble Storage after cutting EMC ties

Hewlett Packard Enterprise plans to acquire Nimble Storage, a vendor of all-flash and hybrid flash...

01 workforce
7 musts for any successful BYOD program

Mobile devices, mobile apps and the networks they use are now essential to satisfy customers,...

chrome intro
How to remotely control your Windows 10 computer via Google Chrome

Google provides a free and powerful tool, Chrome Remote Desktop, that lets you connect to and control...