United States | What do I need to know about the CIA's hacking program?
The CIA is dealing with fresh allegations of hacking personal data. Photo: Reuters
The CIA is dealing with fresh allegations of hacking personal data. Photo: Reuters

What do I need to know about the CIA’s hacking program?

In the wake of WikiLeaks' claims that the CIA is hacking iPhones, TVs and other devices, here are answers to some of the questions consumers are asking

March 9, 2017 12:23 AM (UTC+8)

This week, WikiLeaks released what it says are thousands of documents that describe internal CIA discussions on the hacking techniques it uses to circumvent security on electronic devices for spying.

And while the contents of the published documents could not be immediately verified, the following are some questions and answers users of consumer electronics may have.

Q: Are the documents authentic?

A: It appears at least some are real. While the CIA has declined to comment, independent cybersecurity experts and former intelligence agency employees who have looked through them say that they appear to be authentic, citing code words used to describe CIA hacking programs.

Q: What did we learn about the CIA’s hacking program?

A: WikiLeaks published documents that it says describe CIA tools for hacking into devices including mobile phones, computers and smart televisions.

Q: How can you hack a TV?

A: WikiLeaks said it identified a project known as Weeping Angel where US and British intelligence agencies developed ways to take over Samsung smart TVs equipped with microphones, forcing them to record conversations when the device appeared to be turned off. Experts have long said smart TVs and other internet-connected devices can be exploited to monitor a target.

Q: Are these revelations new?

A: While the specific details are new, it is well known in the cybersecurity community that intelligence agencies are constantly trying to leverage flaws in technology products to conduct espionage.

Q: The documents suggest that the CIA can access information in encrypted messaging apps such as WhatsApp and Signal. I thought they were safe from even government spying?

A: No system is perfect. The documents describe ways to get information in those apps on Android devices, but only after gaining full control of those phones. Reuters has not found evidence in the documents released by WikiLeaks that the CIA had figured a way to break the encryption in those apps.

Q: Are iPhones also vulnerable?

A: The documents discuss ways to get into iPhones as well. One appeared to show a list of Apple iOS security flaws purchased by US intelligence agencies so they could gain access to those devices.

Q: What should I do if I’m worried?

A: Most people do not need to worry about being targeted by intelligence agencies. But everybody should stay on top of software patches so all their computers, mobile phones and other connected devices are running software with the latest security updates. Consumers should balance security concerns with their need to use smart devices.

Q: Is this as big as the leaks from former National Security Agency contractor Edward Snowden?

A: The Snowden leaks revealed that the NSA was secretly collecting US call metadata on ordinary Americans. The materials released by WikiLeaks this week did not appear to reveal the existence of unknown any unknown programs. Instead they supplied details on how US intelligence agencies work to discover and exploit security flaws to conduct espionage.

Q: How did WikiLeaks get the information?

A: Unclear. Someone inside the agency may have leaked the information. Or, someone outside may have figured out a way to steal it.

Comments