Apple, Google, Microsoft in crosshairs of WikiLeaks allegations – USA TODAY
WikiLeaks posted thousands of documents that it says reveal important CIA hacking secrets, including the spy agency’s ability to penetrate encrypted communications apps such as Signal or WhatsApp. The documents have not been verified yet and a CIA spokesman declined to comment.
SAN FRANCISCOÂ â The tech industry just can’t shake the ghost of Edward Snowden.
Nearly a year after a unified front of companies foughtÂ the FBI’s attempt to hack the encrypted iPhone of a terrorist, the biggest consumer tech names (Apple, Samsung, Google, Microsoft) areÂ facing a deep and multi-fronted new series of allegations that federal authorities can override their best efforts at security.
Thousands of documents published by WikiLeaks TuesdayÂ describe an arsenal of CIA hacking tools that can turn iPhone and Android smartphones,Â TVs, computers and other coveted consumer productsÂ into “covert microphones.”
The data trove threatens to reprise the public distrust of tech companies that hit a peak whenÂ ex-federal contractorÂ Snowden revealed NSA spying and collaboration between the government and Internet and phone companies used by millions. Waving the flag of consumer privacy, tech companies have been trying to repair the brand damage since.
From the archives:Â
On Tuesday CIA issued a statement declining comment on the “purported” documents. USA TODAY has not yet been able to confirm the authenticity of the documents nor seen anything in them thus far to indicate the tools were used in the U.S.
So far, Silicon Valley has responded with resounding silence to the latest WikiLeaks bombshell.
Microsoft,Â Google, Samsung and WhatsApp (owned by Facebook) said they areÂ looking into the matter.Â Signal did not respond to an email messageÂ for comment on the report.
Late Tuesday, Apple said its initial analysis “indicates that many of the issues leaked today were already patched in the latest iOSÂ (but) we will continue work to rapidly address any identified vulnerabilities.”
If true, the blockbuster disclosures not only will rock the tech world but could foster widespreadÂ paranoia among consumers that their most prized digital devicesÂ could beÂ spying devices, casting doubt on their security and the companies that design and build them, say cybersecurity experts.
“Everybody should have been worried before, but this is reason to worryÂ more,” says Phil Reitinger, CEO of the Global Cyber Alliance and a former director of the National Cyber Security Center. “There is a soaring risk for attack that this feeds into.”
AmongÂ WikiLeaks’ allegations in its release, dubbed ‘Vault 7′:
âÂ Developers created programs in homage to popular culture, including RickyBobby, an âimplantâ to computers running Microsoft Windows referencing the 2006 Will Farrell movie Talladega Nights. Another program, called a trojan, was dubbed Fight Club. Spread via thumb drives, itÂ referencedÂ the 1996 novel and 1999 movie with Brad Pitt.
âÂ Hackers have lists of targeted information like: geolocation data, user identification information, counter-intelligence, pattern of life, return information and general machine information.
âÂ AÂ specialized unit in the CIA’s Mobile Development Branch “produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.”
âÂ Government hackers were able to infiltrate Android phones and collect âaudio and message traffic before encryption is applied,â WikiLeaks said in a statement.
â Some of the hacks can be deployed via games like 2048, a single-player sliding block puzzle game, or Sudoko. Others deploy from communication programs like Skype or virus-prevention programs such as McAfee.
âÂ Encrypted messaging tools for popular phone and messaging services, including WhatsApp, Telegram and Signal, were bypassed, according to aÂ New York Times report.
â Some of the WikiLeaks documents describe tests of hacksdesigned to infiltrate network routers, the computers that are responsible for directing traffic on the internet.
For Silicon Valley, the disclosure is the latest example of a government agency posing a serious threat to global trust in their products, , says Richard Henderson, global security strategist at cybersecurity firm Absolute Software.
“This takes the topic to a deeper level,” Henderson says.
What Snowden started jolted the market into accepting thatÂ âwe are more vulnerable than we thought we were,â adds Casey Ellis, CEO of security company Bugcrowd. “The ‘Vault 7â disclosures are simply taking us deeper down the rabbit-hole of how, why, and where.”
Contributing: Nick Penzenstadler, Elizabeth Weise and Brad Heath