The world of cyber security has been experiencing a category 5 hurricane ever since WikiLeaks released a huge cache of classified documents in its latest installments of leaks.
The files, labeled as Vault 7, detail how the security loopholes in some consumer electronics devices were exploited by the Central Intelligence Agency, aka CIA, to spy on their owners in the name of national security.
The recent leaks reveal how, for years, the CIA was busy hacking into many consumer electronics devices, including Wi-Fi routers, Samsung Smart TVs, iPhones and Android-powered devices.
According to the documents, the agency employed specialized tools to exploit the security vulnerabilities in these devices and recorded videos, audio conversations, text messages, or anything that could help them keep tabs on the owners of those devices.
The report testifies that these tools were capable of bypassing even encrypted messengers such as WhatsApp and Signal, to name a few.
Technically, the tools employed by the CIA did not bypass the encryption itself; they exploited vulnerable spots in the device's operating system and captured the data before the encryption kicked in.
According to WikiLeaks, much of the malware and many of the hacking tools were developed by the EDG (Engineering Development Group), one of the CIA's own software development groups, while some tools and applications were acquired from other government agencies or third-party dealers.
The CIA referred to these third parties as its partners, and used codenames like SurfsUp, Peppermint, Anglerfish and Fangtooth.
Forbes reported that these vulnerabilities are worth a lot in the market, i.e., over $1 million for every bug.
Severity of the Leaks
Security analysts and experts expressed that the latest episode of the WikiLeaks file dump should be given the same level of gravity as the 2013 revelations by the infamous leaker Snowden of the NSA's unsolicited surveillance, or the 2013 Chelsea Manning case of leaking a quarter million classified documents.
The malware created by the CIA for hacking into users' personal gadgets is so effective that it can bypass even the most popular security programs.
The notorious Vault 7 further unveils critical materials labeled as Personal Security Products (PSP), listing the personal security tools with vulnerabilities that the CIA has been exploiting for years. These tools include popular names like Kaspersky, AVG, Avira, and Comodo, to name a few.
Ever since these frightening revelations by WikiLeaks, tech giants have been burning the midnight oil to develop security patches and other countermeasures to fight off this threat and calm end users.
In fact, Intel has taken the lead by developing a security tool that identifies EFI (Extensible Firmware Interface) rootkits. These rootkits are malware that infect the system's low-level firmware, and their job is to place malicious code directly into the kernel of an operating system.
As a result, the malware can restore itself and re-infect the system even if the OS is reinstalled from scratch.
Amongst Different OSs, Android Attracted the Most Exploits
The popular smartphone operating system Android enjoys a major market share in the smartphone industry. Perhaps that is what makes it one of the most important targets for the Central Intelligence Agency.
Amongst the many exploits reported by WikiLeaks, a large share were developed specifically to break into Android devices and applications.
- Chronos, purchased from Anglerfish, exploits the security weaknesses of Android devices running 4.0
- Dugrito, another tool by Anglerfish, is a remote access exploit that hits devices running 4.0 – 4.1.2
- Flamekimmer, a tool by SurfsUp, hits devices that use Broadcom Wi-Fi chipsets and run OS 4.4.4
- RCE (remote code execution) bugs, by Anglerfish, Fangtooth, the NSA and GCHQ, are remote access exploits that can be used for hacking into any device from anywhere
- Dragonfly, for which no information is currently available except that it is an RCE bug among the Android security exploits
- Sulfur, by Fangtooth, one of the most critical exploits, hits the kernel files of Android and leaks information remotely
- RoidRage, another tool that gives hackers remote access to the hacked device
At first, WikiLeaks provided detailed information on these Android exploits by the CIA, but it later redacted the pages to prevent the actual code from getting into the wrong hands.
Does it Make Android Completely Vulnerable to Exploits?
While talking to Forbes, CheckPoint Head of Mobile Security Michael Shaulov pointed out that although there are many exploits that Google must address, these exploits don't seem to affect devices running operating system version 4.4.4 and later.
In fact, in a statement to ZDNet, Google's director of information security and privacy reportedly said that "As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities."
He further added, “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”
The Leaks Haven’t Ended There
Just a few days after this seemingly altruistic move, Julian Assange, the founder of WikiLeaks, promised to hand over details of the CIA's hacking tools to the tech giants. The statement by the WikiLeaks founder is keeping tech giants like Google and Microsoft on their toes. Assange plans to make the details public once the tools are safely neutralized.
Counter Measures for Android Users
According to Google, almost 30% of all Android users run some variant of Android below 4.4. Since these exploits seem to affect devices running Android 4.4 or older versions, the only countermeasure that can currently be implemented is to upgrade the software.
In fact, in an AMA on Reddit, the former White House CIO and cyber security expert Theresa Payton recommended updating the software. However, for users whose smartphones no longer receive software upgrades, it is recommended to buy new phones running the latest OS.
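As an added example that is not from the article, the helper below (all names assumed) sorts an inventory of handsets against the version ranges the article's bullet list gives for Chronos, Dugrito and Flamekimmer, so that the devices to upgrade first stand out; the release strings are the form `adb shell getprop ro.build.version.release` prints.

```python
# Added example (not from the article): map an Android release string to the
# version ranges the article lists for the Vault 7 Android exploits. The ranges
# are copied from the article's bullet list; "4.0" is read as 4.0.x (assumption).
from dataclasses import dataclass


def parse_release(release: str) -> tuple:
    """Turn '4.1.2' into (4, 1, 2); pad so '4.0' compares as (4, 0, 0).
    Non-numeric suffixes such as '4.4.4-eng' are dropped."""
    parts = []
    for p in release.strip().split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple((parts + [0, 0, 0])[:3])


@dataclass(frozen=True)
class ListedExploit:
    name: str
    lowest: str                 # lowest affected release, inclusive
    highest: str                # highest affected release, inclusive
    broadcom_only: bool = False  # Flamekimmer needs a Broadcom Wi-Fi chipset


# Version ranges as the article states them (article specifics, not verified here).
LISTED_EXPLOITS = (
    ListedExploit("Chronos", "4.0", "4.0.4"),
    ListedExploit("Dugrito", "4.0", "4.1.2"),
    ListedExploit("Flamekimmer", "4.4.4", "4.4.4", broadcom_only=True),
)


def applicable_exploits(release: str, broadcom_wifi: bool = False) -> list:
    """Names of listed exploits whose stated range covers this release."""
    v = parse_release(release)
    hits = []
    for e in LISTED_EXPLOITS:
        in_range = parse_release(e.lowest) <= v <= parse_release(e.highest)
        if in_range and (broadcom_wifi or not e.broadcom_only):
            hits.append(e.name)
    return hits


def triage(inventory: list) -> dict:
    """inventory: (serial, release, has_broadcom_wifi) tuples -> {serial: exploit names}."""
    return {serial: applicable_exploits(rel, bcm) for serial, rel, bcm in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [("dev-A", "4.0.3", False), ("dev-B", "4.1.2", True),
              ("dev-C", "4.4.4", True), ("dev-D", "7.1.1", False)]
    for serial, hits in triage(sample).items():
        print(serial, "upgrade first" if hits else "outside listed ranges", hits)
```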
Is Upgrading the Only Countermeasure?
With government and private agencies increasingly intruding into users' homes and lives through unsolicited surveillance, upgrading a piece of software alone isn't going to do any good.
There is a greater need than ever for complete encryption and anonymity. Users need to put encryption in place right from the outset. It is not just the devices that need to be encrypted but the entire network as well, because many security breaches are made possible by network vulnerabilities.
The security exploits revealed by WikiLeaks affect not only Android but other major OSs and consumer electronics. Since the documents cover many zero-day exploits, it will take some time for the tech giants to address the issue.
Until then, the only option for users to prevent further security and privacy breaches is to update the software on their devices, use encryption from the outset and keep their ears open for upcoming developments.