This morning we awoke to news of Wikileaks releasing thousands of documents detailing the CIA's involvement in hacking Android (and other operating systems). Most of the mainstream media sites picked it up, which Wikileaks loved of course, but none of them put it into context. Here is the context: the documents themselves mean nothing.
I follow a lot of white-hat security “hackers” on Twitter and reading over my thread made me realise that this is all sensationalism by Wikileaks and the mainstream media.
— WikiLeaks (@wikileaks) March 7, 2017
Their press release also does its best to make the leaks seem relevant:
A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.
Looks scary, right? Call them zero-days and everyone panics. A zero-day is a vulnerability that is unknown to the software vendor (and so has no patch yet), or an exploit for such a vulnerability; once the vendor knows about it and fixes it, it is no longer a zero-day. According to the well-known Android security researcher Jon Sawyer, a few of the Android bugs are already known (in other words, not zero-days) while others appear to be old. Via his Twitter account he goes on to say that the material released by Wikileaks is “OLDDDDDDDDDDDDDDDDDDDDD and misrepresented”. Nothing leaked by Wikileaks is significant... anymore.
If you are interested in reading more of what security researchers have said about this leak, I suggest you head to the Erratasec website. Of note is that the CIA are not hoarding zero-days; what the documents describe is straightforward hacking using exploits that can be found on the Internet if you know where to look.
The leaks do attribute some known malware to the CIA, so antivirus vendors can now write detections for it. What we should be worried about is the following response from Jon Sawyer:
Either WL's data is out of date, or US Gov capabilities suck. Which do you think is more likely lol
— Jon Sawyer (@jcase) March 7, 2017
So while the leaks mean little on their own, since the bugs are already known and most have been patched, they signal something else: governments are actively attempting to compromise the mobile operating systems people use around the world. I doubt this comes as much of a surprise to most of you.
Some people say they have nothing to hide and that this does not worry them. But if governments are doing this, you can be sure there are people using the same exploits for nefarious reasons. Be it your personal information, your bank details or something else, no one wants an unknown entity rifling through the data on their phone.
How can you prevent this from happening? Buy phones that receive regular security updates. Google publishes an Android security bulletin every month and usually rolls the fixes out to its own devices that same month. Can the same be said for all manufacturers? Unfortunately not. If this concerns you, find out how well a company performs on security updates before you make your next purchase. On a device running Android 6.0 or later, Settings > About phone shows the Android security patch level, a date that tells you which monthly bulletin your build includes; if that date is many months behind, your manufacturer is not keeping up.
The other thing you can do to help prevent yourself becoming a victim is to only install software from the Google Play Store. Google scans every app on the Play Store to keep malware out. It is not a perfect filter, but it is far better than sideloading apps from unknown sources. Common sense is the name of the game.
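The two checks above (is the security patch level recent, and did every app come from the Play Store) can be read off a phone over adb and scored in a few lines of Python. The following is an added example, not code from the original post. It assumes the real commands `adb shell getprop` and `adb shell pm list packages -i` (the `-i` flag prints the installer package for each app; `com.android.vending` is Google Play). The device output embedded below is constructed for illustration, the `com.example.*` package names and the ExampleCo device are hypothetical, and the three-month staleness limit is my own choice.

```python
"""Audit two Android hygiene signals from captured `adb shell` output.

Added example, not part of the original post. Both input samples below are
constructed, not captured from a real device.
"""
from datetime import date

# Constructed sample of `adb shell getprop` (only the relevant lines kept).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [7.1.1]
[ro.build.version.security_patch]: [2016-11-05]
[ro.product.manufacturer]: [ExampleCo]
[ro.product.model]: [Example Phone]
"""

# Constructed sample of `adb shell pm list packages -i`. Preinstalled system
# apps report installer=null; apps from Google Play report com.android.vending.
SAMPLE_PM_LIST = """\
package:com.android.vending  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.flashlight  installer=com.android.packageinstaller
package:com.example.game  installer=com.android.vending
package:com.example.cleaner  installer=null
"""

PLAY_STORE = "com.android.vending"
DEMO_TODAY = date(2017, 3, 7)  # the day of the leak, used as "today" below


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("[") or "]: [" not in line:
            continue
        key, _, value = line.partition("]: [")
        props[key[1:]] = value[:-1] if value.endswith("]") else value
    return props


def patch_level_age_months(props, today):
    """Whole months between the build's security patch level and `today`.

    Returns None when the property is absent; builds older than Android 6.0
    may not report a patch level at all, which is itself a bad sign.
    """
    raw = props.get("ro.build.version.security_patch")
    if raw is None:
        return None
    year, month, day = (int(part) for part in raw.split("-"))
    patch = date(year, month, day)
    return (today.year - patch.year) * 12 + (today.month - patch.month)


def parse_pm_list(text):
    """Map package name -> installer package (None when 'null' or missing)."""
    apps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg_part, _, installer_part = line.partition("installer=")
        pkg = pkg_part[len("package:"):].strip()
        installer = installer_part.strip()
        apps[pkg] = None if installer in ("", "null") else installer
    return apps


def sideloaded(apps, system_prefixes=("com.android.",)):
    """Packages not installed by Google Play.

    Bundled system apps have no installer, so obvious ones are skipped by
    prefix; anything else with no recorded installer is still flagged, since a
    user-installed APK also shows installer=null on some builds.
    """
    flagged = []
    for pkg, installer in sorted(apps.items()):
        if installer == PLAY_STORE:
            continue
        if installer is None and pkg.startswith(system_prefixes):
            continue
        flagged.append(pkg)
    return flagged


def audit(getprop_text, pm_text, today, max_age_months=3):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    age = patch_level_age_months(parse_getprop(getprop_text), today)
    if age is None:
        findings.append("no security patch level reported by this build")
    elif age > max_age_months:
        findings.append(
            f"security patch level is {age} months old (limit {max_age_months})"
        )
    for pkg in sideloaded(parse_pm_list(pm_text)):
        findings.append(f"{pkg} was not installed from Google Play")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GETPROP, SAMPLE_PM_LIST, DEMO_TODAY):
        print("FINDING:", finding)
```

On a real phone you would pipe `adb shell getprop` and `adb shell pm list packages -i` into the two parsers instead of the constructed samples. The month arithmetic deliberately ignores the day of the month, because a bulletin's patch level is always the first or fifth of the month and what matters is how many bulletins the device has missed.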
So while the sky is NOT falling, and the trove of material Wikileaks released today is old, outdated and no longer significant by itself, it points to a greater problem we should all be aware of: cybersecurity. Be safe in how you use your phone. Install apps only from trusted sources such as the Google Play Store, and buy phones that receive regular security updates.