- Apr 12, 2001
In a new series of leaks focusing on the United States Central Intelligence Agency, code named "Vault 7," WikiLeaks has revealed 8,761 documents discovered within an isolated network in Langley, Virginia that "amounts to more than several hundred million lines of code." The code contains what WikiLeaks referred to as a "hacking arsenal" of malware, viruses, trojans, and weaponized "zero day" exploits for iOS devices, that could give anyone in possession of the code "the entire hacking capacity of the CIA."
This "Year Zero" release is the first in the full Vault 7 series by WikiLeaks, and is said to act as an introduction to the capacity and means of the CIA's covert hacking program. The agency's abilities can take aim at a number of popular consumer products from companies like Apple, Google, Samsung, and Microsoft, turning everything from an iPhone to a smart TV into a "covert microphone."
In its analysis of the released documents, WikiLeaks looked at how iPhones and iPads have been targeted by the CIA in the past, and how they can continue to be exploited in the future. Although Android remains a dominant force in the global smartphone market, WikiLeaks argued that a "disproportionate focus" has been placed on iOS devices by the CIA, most likely due to the Apple-branded phone's popularity.
Because of this, the agency has a specialized unit in place within the Mobile Development Branch that creates and executes malware to infiltrate, take control of, and exfiltrate sensitive information from iOS products. The MDB's methods are said to include a collection of zero day exploits, which are vulnerabilities in a piece of software unknown by the software's creator and subsequently exploitable by hackers.
Including the iOS malware, WikiLeaks claimed that the CIA has recently "lost control" of the majority of its hacking arsenal.
WikiLeaks noted that in the wake of Edward Snowden's NSA leaks, a group of technology companies convinced the Obama administration to disclose any zero day exploits and bugs to each company, rather than hoard the information. The Vulnerabilities Equities Process underlined this agreement in 2010, and the U.S. government said it would reveal any vulnerabilities discovered to the company in question.Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
Documents in Year Zero paint a further negative image for the CIA, which is said to not have abided by the agreement between the technology companies and the U.S. government. An example was given by WikiLeaks centering on one malware that can control both the Android phone and iPhone software "that runs or has run presidential Twitter accounts." The government is said to not have brought the information forward to Apple or Google in the time it has had the hacking data.
The scope of the new WikiLeaks documents includes detailed information on the iOS exploits, hacks that could potentially infest vehicle control systems, and even attacks against Samsung smart TV sets. This last point, dubbed "Weeping Angel," was said to have been developed by the CIA in conjunction with the United Kingdom's MI5 as a way to convert turned-off television sets into secret microphones.As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.
The full list of the Year Zero documents can be found on WikiLeaks, and complete analysis of the documents by independent security experts will take some time in order for the impact of the release to be determined.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Article Link: New WikiLeaks Series Details CIA's 'Specialized Unit' Dedicated to Creating iOS Exploits