What WikiLeaks CIA Hack Means for You and Your Gadgets

UPDATED 8:45 a.m. ET Wednesday, March 8, with comment from Apple, Microsoft and Samsung.

Worried about the hacking secrets revealed in the latest WikiLeaks data dump?

The entrance hall at CIA headquarters in Langley, Virginia. Credit: Mark Wilson/Getty

Here’s what you need to know. The WikiLeaks revelation might be part of a Russian disinformation campaign meant to undermine the U.S. intelligence agencies in general, and to more immediately lend credence to President Donald Trump's allegations that former President Barack Obama spied on him.

Some of the CIA hacking tools mentioned in the WikiLeaks dump are real. Some of them probably are not. We may never truly know which is which. (But we are intrigued by the one about turning a Samsung Smart TV into a listening device.)

UPDATE: In a statement released to news outlets Monday evening, Apple said it had already fixed some of the flaws revealed in the WikiLeaks data dump.

"Many of the issues leaked today were already patched in the latest iOS," the company said.

However, while that's undoubtedly true regarding the list of exploits for older versions of iOS, many of which are publicly known, the WikiLeaks file mentioned many exploits and vulnerabilities that have not yet been fully disclosed, by WikiLeaks or by anyone else. In other words, Apple can't know whether all the flaws have been patched if it doesn't know how all the flaws work.

In statements given to the BBC, Microsoft and Samsung said they were both looking into the allegations made in the documents.


For the moment, all we can tell you to do is to keep your PCs, Macs, iPhones and Android devices updated to the latest versions of their operating systems, to run antivirus software on Windows, macOS and Android, and to be wary of smart-home devices that are always listening to what you say. (And if your Android device can't be updated beyond Android 5.1 Lollipop, get a new one.)

WikiLeaks says the cache of information, reportedly "8,761 documents and files," came from "a former U.S. government hacker [or] contractor." That's possible. It's also possible that it came straight from the Russian intelligence services, which is how WikiLeaks apparently obtained emails stolen from the Democratic National Committee.

As such, we can't completely trust what's in the files. But let's go over the important stuff:

Allegation: The CIA knows how to hack into iPhones and Android phones.

Reality: Yes, of course it does. So do the NSA and the foreign-intelligence agencies of Britain, France, Russia and China.

Impact and what you can do: Unless you're a high-value target, such as a terrorist, arms dealer, foreign politician or diplomat or, well, a spy, the CIA will probably not be interested in what's on your phone.

Allegation: The CIA can bypass the encryption used by WhatsApp, Telegram, Signal and other secure messaging services.

Reality: Yes, it can, but only if an "endpoint" -- a phone or computer sending or receiving a secure message -- has been hacked by other means. The CIA is not "cracking" the encryption. Because the message is decrypted at the endpoint by the messaging software anyway, the CIA doesn't need to decrypt the message itself.

Impact and what you can do: Unless you're a high-value target, as outlined in the previous answer, keeping your phone's operating system and apps up-to-date will protect you from cybercriminals who may also want to read your secret messages.

Allegation: The CIA can turn a Samsung Smart TV into a listening device.

Reality: Unknown, but likely. WikiLeaks alleges that the CIA tool "Weeping Angel" (a Doctor Who reference), developed with Britain's MI5, puts Samsung Smart TVs in a "fake-off" state in which the device only appears to be turned off. (Previously reported NSA/CIA eavesdropping tools for iPhones allegedly work in a similar manner.) Presumably, this only works on voice-command-enabled Samsung Smart TVs, which constantly listen to background noise.

Impact and what you can do: If your TV can't listen for voice commands, you're probably safe. If it does, you could unplug it when it's not being used.


Allegation: The U.S. Consulate in Frankfurt is used by the CIA as a base for agency hacking activities.

Reality: CIA spies routinely use State Department diplomatic cover to travel and reside abroad. Every U.S. Embassy contains a CIA station. The only news here is that the Frankfurt consulate is named as a center for information-security activities.

Impact and what you can do: Nothing for the average consumer, but the instructions for CIA operatives on how to adjust to life in Germany are a good read for any tourist.

Allegation: The CIA uses antivirus software, along with other kinds of software, as "decoys" to provide cover for its hacking activities.

Reality: Not surprising. The report says legitimate software is used as part of the CIA's "Fine Dining" program (possibly a SpongeBob SquarePants reference) to infiltrate computer systems not connected to the internet. Criminals use hacked versions of real software all the time. It's not clear whether the antivirus software itself is altered by the CIA, or whether the software runs unaltered in the foreground while more nefarious deeds happen in the background.

Impact and what you can do: Be wary of antivirus warnings that pop up when you’re browsing online. They’re probably not from the CIA, but instead from criminals and tech-support scammers who want you to pay for malware protection that doesn’t work.

47 comments
  • Daekar3
    Wow... Still pushing "the Russians did it!" narrative, huh? Boy, put the truth in front of a blind man and he still can't see.
    2
  • stateofstatic
    So because you're a security guy this gives you the insight to say it's "likely part of a Russian disinformation campaign meant to undermine the U.S. intelligence agencies in general, and to more immediately lend credence to President Donald Drumpf's allegations that former President Barack Obama spied on him."???

    Any evidence in the leak to support your theory?

    Fun find in the leak: A guide on how to use stolen hacking tools from other countries to put their "fingerprints" on CIA ops to make it look like say, oh...the Russians did it.

    "Some of the CIA hacking tools mentioned in the WikiLeaks dump are real. Some of them probably are not. We may never truly know which is which."

    Given WikiLeaks' 100% accuracy record over the past 10yrs, what makes you think anything in the leak is fake?

    Another fun find in the leak: 22,000+ IP addresses WITHIN the United States listed as CIA "TOOs" (targets of opportunity) had to be redacted by WikiLeaks. Wow, that's a LOT of terrorists on our own soil, right?
    3
  • Arthur Dent The Third
    So - you think that the allegations are for the most part completely accurate, yet you open by calling it part of a "disinformation" campaign? That's some reporting there...
    2