What WikiLeaks CIA Hack Means for You and Your Gadgets

UPDATED 8:45 a.m. ET Wednesday, March 8, with comment from Apple, Microsoft and Samsung.

Worried about the hacking secrets revealed in the latest Wikileaks data dump?

The entrance hall at CIA headquarters in Langley, Virginia. Credit: Mark Wilson/Getty

(Image credit: The entrance hall at CIA headquarters in Langley, Virginia. Credit: Mark Wilson/Getty)

Here’s what you need to know. The WikiLeaks revelation might be part of a Russian disinformation campaign meant to undermine the U.S. intelligence agencies in general, and to more immediately lend credence to President Donald Trump's allegations that former President Barack Obama spied on him.

Some of the CIA hacking tools mentioned in the WikiLeaks dump are real. Some of them probably are not. We may never truly know which is which. (But we are intrigued by the one about turning a Samsung Smart TV into a listening device.)

UPDATE: In a statement released to news outlets Monday evening, Apple said it had already fixed some of the flaws revealed in the WikiLeaks data dump.

"Many of the issues leaked today were already patched in the latest iOS," the company said.

However, while that's undoubtedly true regarding the list of exploits for older versions of iOS, many of which are publicly known, the WikiLeaks file mentioned many exploits and vulnerabilities that have not yet been fully disclosed, by WikiLeaks or by anyone else. In other words, Apple can't know whether all the flaws have been patched if it doesn't know how all the flaws work.

In statements given to the BBC, Microsoft and Samsung said they were both looking into the allegations made in the documents.

MORE: Best Encrypted Messaging Apps

For the moment, all we can tell you to do is to keep your PCs, Macs, iPhones and Android updated to the latest versions of their operating systems, to run antivirus software on Windows, macOS and Android, and to be wary of smart-home devices that are always listening to what you say. (And if your Android device can't be updated beyond Android 5.1 Lollipop, get a new one.)

WikiLeaks says the cache of information, reportedly "8,761 documents and files," came from "a former U.S. government hacker [or] contractor." That's possible. It's also possible that it came straight from the Russian intelligence services, which is how WikiLeaks apparently obtained emails stolen from the Democratic National Committee.

As such, we can't completely trust what's in the files. But let's go over the important stuff:

Allegation: The CIA knows how to hack into iPhones and Android phones.

Reality: Yes, of course it does. So do the NSA and the foreign-intelligence agencies of Britain, France, Russia and China.

Impact and what you can do: Unless you're a high-value target, such as a terrorist, arms dealer, foreign politician or diplomat or, well, a spy, the CIA will probably not be interested in what's on your phone.

Allegation: The CIA can bypass the encryption used by WhatsApp, Telegram, Signal and other secure messaging services.

Reality: Yes, it can, but only if an "endpoint" -- a phone or computer sending or receiving a secure message -- has been hacked by other means. The CIA is not "cracking" the encryption. Because the message is decrypted at the endpoint by the messaging software anyway, the CIA doesn't need to decrypt the message itself.

Impact and what you can do: Unless you're a high-value target, as outlined in the previous answer, keeping your phone's operating system and apps up-to-date will protect you from cybercriminals who may also want to read your secret messages.

Allegation: The CIA can turn a Samsung Smart TV into a listening device.

Reality: Unknown, but likely. WikiLeaks alleges that the CIA tool "Weeping Angel" (a Doctor Who reference), developed with Britain's MI5, puts Samsung Smart TVs in a "fake-off" state in which the device only appears to be turned off. (Previously reported NSA/CIA eavesdropping tools for iPhones allegedly work in a similar manner.) Presumably, this only works on voice-command-enabled Samsung Smart TVs, which constantly listen to background noise.

Impact and what you can do: If your TV can't listen for voice commands, you're probably safe. If it does, you could unplug it when it's not being used.

MORE: Simple Ways to Prevent Hackers From Ruining Your Life

Allegation: The U.S. Consulate in Frankfurt is used by the CIA as a base for agency hacking activities.

Reality: CIA spies routinely use State Department diplomatic cover to travel and reside abroad. Every U.S. Embassy contains a CIA station. The only news here is that the Frankfurt consulate is named as a center for information-security activities.

Impact and what you can do: Nothing for the average consumer, but the instructions for CIA operatives on how to adjust to life in Germany are a good read for any tourist.

Allegation: The CIA uses antivirus software, along with other kinds of software, as "decoys" to provide cover for its hacking activities.

Reality: Not surprising. The report says legitimate software is used as part of the CIA's "Fine Dining" program (possibly a SpongeBob SquarePants reference) to infiltrate computer systems not connected to the internet. Criminals use hacked versions of real software all the time. It's not clear whether the antivirus software itself is altered by the CIA, or whether the software runs unaltered in the foreground while more nefarious deeds happen in the background.

Impact and what you can do: Be wary of antivirus warnings that pop up when you’re browsing online. They’re probably not from the CIA, but instead from criminals and tech-support scammers who want you to pay for malware protection that doesn’t work.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

  • Daekar3
    Wow... Still pushing "the Russians did it!" narrative, huh? Boy, put the truth in front of a blind man and he still can't see.
  • stateofstatic
    So because you're a security guy this gives you the insight to say its "likely part of a Russian disinformation campaign meant to undermine the U.S. intelligence agencies in general, and to more immediately lend credence to President Donald Drumpf's allegations that former President Barack Obama spied on him."???

    Any evidence in the leak to support your theory?

    Fun find in the leak: A guide on how to use stolen hacking tools from other countries to put their "fingerprints" on CIA ops to make it look like say, oh...the Russians did it.

    "Some of the CIA hacking tools mentioned in the WikiLeaks dump are real. Some of them probably are not. We may never truly know which is which."

    Given wikileaks 100% accuracy record over the past 10yrs, what makes you think anything in the leak is fake?

    Another fun find in the leak: 22,000+ IP addresses WITHIN the United States listed as CIA "TOOs" (targets of opportunity) had to be redacted by Wikileaks. Wow, that's a LOT of terrorists on our own soil, right?
  • Arthur Dent The Third
    So - you think that the allegations are for the most part completely accurate, yet you open by calling it part of a "disinformation" campaign? That's some reporting there...
  • FrostedFlake
    What, me worry?

    This is a boon to the general public, real or memorex. Every security firm in the UNIVERSE is even now scrambling to get a grip. In the next few weeks they will all roll out new and vastly more effective software.
  • Daekar3
    @ArthurDentTheThird - don't give them the credit. There hasn't been any important reporting or real journalism taking place in establishment-controlled outlets for years. With an article-lead like that, this qualifies as propaganda and damage control.
    LOL @ any of this being new, the American public is EXTRA gullible. The is part of the Russian/Wikileaks wake-up call literally any time Trump gets in trouble. It never fails.

    The CIA isn't to blame for any of this, if you spent any time in the ISP world you'd know this casual hacking has been going on since the Internet became the Internet.

    OMG, it's the CIA!!!!!
    If you log into Google and enable location services they know where you are. If you use Chrome and prediction services they audit your browser. If you just now figured out that every device device you use is gathering information & now you want to blame the CIA for protecting the country with it in some cases lol @ you.
  • Dave_132
    StateofStatic, he's not questing the validity of the wikileaks... He's questioning the CIA.
  • J Gravelle
    How might we quantify the asserted likelihood that this release is part of a Russian disinformation campaign...?
  • daiichi
    Until I read this article, I gave Tom's Hardware some credibility when it came to high-tech opinions. Not so any longer. Evidently, this Paul Wagenseil is a biased shallow thinker.

    His assertion that a three-letter agency's ability to hack into smartphones only matters if you are a "high value" target is absurd. If the tool that the CIA is using is quick and efficient, then a vulnerability in your phone should be a huge concern (think along the lines that most of Trump's cabinet would not have been considered "high value" until recently). Also consider that if the vulnerability exists, then nothing stops your tech-savvy spouse from hacking into your smartphone too.

    So unfortunately, now TH has fallen into the class of websites whose opinionated articles should be generally ignored if a better-qualified source disputes their claims.