Infamous leaking group WikiLeaks released a trove of alleged Central Intelligence Agency hacking documents that describe ways of penetrating various popular consumer electronic devices, including iOS-based devices and Samsung smart TVs.
The series of leaks, codenamed “Vault 7” by the site, is apparently the largest publication of confidential CIA documents, the organization said in a press release. The first part of the series, dubbed “Year Zero” and leaked on Tuesday, March 7, contains over 8,700 documents and files allegedly obtained from a network at Langley’s Center for Cyber Intelligence.
If proved to be genuine, the leak could rock the technology world, as the series of documents contains information on “weaponized exploits,” hacking programs and malware tailored to be used on a wide range of consumer electronic devices, from the Apple iPhone and Android-based devices, to Windows computers and Samsung TVs — the latter of which could be turned into “covert microphones.” Even if such a device appears to be off, it could record conversations in a room and send them to a CIA server, the new release said. The documents also describe techniques that could potentially allow the CIA to access content in popular messaging apps such as Signal and WhatsApp before it is encrypted, Slate reported.
WikiLeaks also alleges that the CIA has a “mobile devices branch” which develops malware that could infect iOS and Android-based devices, and could then be used to extract personal information such as location data, text messages, and voicemails. The array of attacks could even be used to secretly activate a mobile device’s camera or microphone. The iPhone was apparently a disproportionate focus, possibly due to the device’s popularity among “social, political, diplomatic and business elites,” WikiLeaks alleged.
Although not confirmed to be authentic, a former intelligence officer told the New York Times that certain code names, organizational charts, and descriptions within the leak appear to be genuine. A CIA spokesperson declined to comment on the documents, the NYT reported. WikiLeaks apparently obtained the documents after they were circulated among former U.S. government hackers and contractors “in an unauthorized manner.” One of them allegedly shared portions of the classified archive with the leak site.
Perhaps most worrying is the potential for the malware and exploits to fall into the wrong hands, such as rogue foreign actors, criminals or even domestic hackers. Last year, a mysterious group known as the Shadow Brokers put a set of NSA hacking tools up for auction on the internet, Vice reported. As such, in addition to obscuring certain details within the documents, WikiLeaks refrained from leaking actual, usable code.