Apple, Samsung, Microsoft: WikiLeaks blows lid on scale of CIA’s #Vault7 hacking arsenal

7 Mar, 2017 16:31

The major takeaway from the latest WikiLeaks dump centers around the terrifying, ‘all-seeing-eye’ surveillance project codenamed ‘Weeping Angel.’ The CIA appears to have taken espionage to a whole new level if WikiLeaks’ initial analysis is accurate.

According to the preliminary release, the CIA has the capability to hack, record and even control everyday technology used by billions of people around the world.

These include smartphones, tablets, smart TVs and even vehicles with remote control navigation systems.

On these devices themselves, the CIA can allegedly hack into some of the world’s most heavily encrypted social media and communications platforms such as WhatsApp, Weibo, Confide, Signal and Telegram before any encryption can even be applied.

For example, WhatsApp’s end-to-end encryption means that only the direct participants in a conversation can read messages; not even WhatsApp is capable of reading them.

The CIA, however, was able to hack into individual private WhatsApp messages before encryption could even be applied.

“Your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read your message,” the company writes on their website.

To understand the sheer scale of the leak and of the CIA’s high-tech surveillance operations, the hierarchy of divisions within the agency’s cyber division is shown below.

According to WikiLeaks, the manufacturing division for the Agency’s hacking tools, or ‘zero days’ as they are dubbed in the leaks, is the EDG (Engineering Development Group), which is under the umbrella of the agency’s CCI (Center for Cyber Intelligence).

Smartphone devices

The CIA's Mobile Devices Branch (MDB) developed a variety of tools and techniques to remotely hack and control the world’s most popular smartphones and tablets.

Once hacked, phones can be used to transmit their “geolocation, audio and text communications” directly to the CIA without the user’s knowledge. In addition, the CIA can remotely activate the phone’s microphone and camera.

Apple devices

Despite Apple holding a minority share in the global smartphone market in 2016, the CIA’s Mobile Development Branch has a specific division dedicated to hacking Apple devices that run the iOS operating system, from smartphones to tablets.

WikiLeaks also alleges that the CIA not only developed but collaborated on or purchased a variety of hacking tools or ‘zero days’ from intelligence agencies and contractors around the world such as GCHQ, NSA, FBI or Baitshop.

Samsung

The EDG has produced a ‘zero day’ capable of hacking Samsung smart TVs, switching them into a fake ‘off mode’ where the device appears to remain on standby while actually recording audio and transmitting it to nearby secured CIA servers.

For context, Samsung was the top-selling television brand in the world for the last decade with a global market share of 21 percent as of 2015. WikiLeaks did not specify in the initial release whether video recordings were also a part of this particular ‘zero day.’

Vehicle control

WikiLeaks alleges that, as far back as 2014, the CIA was exploring the possibility of infecting control systems in modern cars and trucks. While the exact goal of such control has yet to be established, WikiLeaks suggests that such hacks could be used for almost undetectable assassinations.

Android devices (Samsung, HTC, Sony)

The majority of the world’s smartphones (approximately 85 percent) run on the Android operating system, with roughly 1.15 billion Android devices sold last year, according to the WikiLeaks statement. Naturally, the CIA devoted an entire subdivision to hacking Android devices, with 24 individual weaponized ‘zero days’ targeting Android devices.

Microsoft

The CIA’s cyber division has developed numerous local and remote ‘zero days’ to hack and control Microsoft Windows users.

These ‘zero days’ include, but are not limited to: air-gap-jumping viruses such as ‘Hammer Drill’ that are capable of infecting computers or phones that have never been connected to the internet; hacking tools that focus on removable devices such as USB drives; systems for hiding data, be it in covert disk areas or in images; and particular ‘zero days’ that are manufactured to self-perpetuate and hide themselves from detection on an ongoing basis.

Before any tech experts gloat, WikiLeaks also alleges that the CIA has developed advanced, multi-platform malware attack and control systems that cover Windows and Mac OS X but also mixed source platforms like Solaris and open source platforms like Linux. WikiLeaks names these specific ‘zero days’ as the EDB's ‘HIVE,’ ‘Cutthroat’ and ‘Swindle’ tools.