A series of internal CIA documents released Tuesday by WikiLeaks serve as a reminder that any computer, smartphone or other device connected to the internet is vulnerable to compromise.
The 8,761 documents detail a CIA hacking program with 5,000 registered users that produced more than a thousand hacking systems, Trojans, viruses, and other “weaponized” malware. The scale of the program was so massive that by 2016, its hackers had utilized more code than what is currently used to run Facebook.
Highlights of the program include hacks developed to access Apple Inc iPhones, Google Inc Android devices and Samsung TVs. Once hackers have control of these devices, they can spy on users by listening to their conversations through microphones, accessing cameras and capturing text or voice messages by bypassing encryption.
When consumers purchase an IoT device, such as a Smart TV, they don’t think about the possibility of it being hacked. However, any device connected to the Internet is vulnerable to an attack.
According to a message on Twitter by WikiLeaks Founder Edward Snowden, the files are potentially the first public evidence of the U.S. government secretly buying software to exploit technology. The release refers to a list of various Apple iOS flaws that the CIA and other intelligence agencies have managed to compromise.
Apple immediately responded to the document, stating the company has fixed “many” of the vulnerabilities. Microsoft and Samsung stated they are looking into the issues raised. Other companies and groups mentioned have made no comment at all.
To protect against hack attempts on IoT devices, consumers should always run the most current operating systems available and upgrade any additional outdated software, such as web applications or plugins, to the latest version.
Furthermore, any devices with cameras should also be covered with a slider, preventing anyone from accessing the device for snooping purposes. This type of slider also restricts a camera’s functionality if accidentally turned on during a webinar or other online interaction.
For more cybersecurity updates and breaking news, follow us on Twitter at @SiteLock.