It has been a few days now, but on March 7th WikiLeaks released over 8000 (yes, thousand) pages of what it claims are CIA documents detailing their ability to use or hack technology, like phones and TV’s, to do their spying. Of course (as of this writing) the CIA does not comment on the validity of the claim, but spokes people say it harms the CIA’s ability to do its job.
Some of the first news you may have heard about it sounded very scary and was published before the information could be fully understood. When a big story like this hits, todays news organizations need to put out a story NOW.
Here is a basic summary as we understand it today that the average person needs to know.
- You should remember that the CIA is not allowed to spy on American citizens! So none of this should affect you. (probably…)
- The report that the CIA can use Samsung TV’s to listen to people – This is probably true- but the method described in the documents requires that they get physical access to the TV and install something onto the TV’s onboard computer. Note- It is known (and disclosed in Samsung’s EULA) that they or 3rd parties can access the mic / camera on the TV’s. Any “smart” TV probably is susceptible this this. Visio recently made news by also using the mic to “listen” to what shows where being watched for ratings purposes without telling its customers.
- They CIA also tends to target individual people or organizations, not the whole of the American people as the Snowden NSA leaks showed.
- The big scare for most technology experts or privacy advocates was the report that encrypted communication apps like WhatsApp and Signal had been cracked – FALSE! NO! NOT TRUE!
These encryption programs are still safe. How the CIA could get the info you may send with them would be by security holes in the iOS or Android operating systems that allow them to see what you type or take screen shots. Again, this usually requires physical access to the phones.
There are Windows and Mac vulnerabilities as well as autonomous car and IoT device projects. Any type of computer can be infected, hacked, or taken over especially if someone can get physical access to the device to do it.
After several experts have had a chance to review these papers, it is now thought that nothing in these papers is Earth shattering news. All of these methods are well known to the security community, and many of them have been fixed since they are already several years old.