Apple, Google, Microsoft and Samsung and industry analysts scrambled yesterday to assure consumers that Big Brother and Sister were not listening in on their dinner plans — particularly if they’ve updated their devices with the latest operating system updates — in the wake of WikiLeaks’ release of confidential CIA documents it has dubbed Vault 7.
In publishing the first part of the series, “Year Zero,” WikiLeaks writes that altogether it has 8,761 documents and files from a high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Va.
“‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones,” according to its release.
WikiLeaks purportedly obtained the information from an anonymous (and so-far unverified) source who “wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”
“We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu has emailed anybody who asked.
The idea that spies could listen in on conversations by tapping into devices such as smart TVs and Amazon Echoes seems to be particularly rattling as the practice would expose an entire household — and visiting grandmas — to cyber-spying.
“The data trove threatens to reprise the public distrust of tech companies that hit a peak when ex-federal contractor [Edward] Snowden revealed NSA spying and collaboration between the government and Internet and phone companies used by millions. Waving the flag of consumer privacy, tech companies have been trying to repair the brand damage since,” observes Jon Swartz for USA Today.
First, “It’s important to note that, according to the CIA, the agency is ‘specifically prohibited from collecting foreign intelligence concerning the domestic activities of U.S. citizens,’” Chris Morran reminds us in The Consumerist.
“The WikiLeaks document describes the hacking of individual, targeted devices. Judging by the information posted on WikiLeaks, the CIA needed to plug a USB drive into a television to get the hack to work. While some say it's likely that the CIA was also developing the ability to get into televisions remotely, as Forbes reported, there isn't proof that they've succeeded,” Hayley Tsukayama writes for the Washington Post.
“For the vast majority of us, this does not apply to us at all,” Jackdaw Research analyst Jan Dawson tells Tsukayama. “There's no need to worry for any normal law-abiding citizen, based on what I've seen.”
“Apple's statement was the most detailed, saying it had already addressed some of the vulnerabilities,” the BBC reports.
“The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way,” it says. “Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80% of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.”
“Samsung, whose smart TVs had been compromised, according to the report’s claims, said ‘protecting consumers’ privacy and the security of our devices is a top priority’ and that it was looking into the matter. It declined to comment on whether it knew about vulnerabilities in its smart TVs or about snooping from foreign agencies,” Madhumita Murgia, Hannah Kuchler and Bryan Harris write for Financial Times.
They add that Lee Seung-woo, analyst at IBK Securities, “played down the impact of the WikiLeaks report on Samsung,” saying: “The allegations underline the basic risks of using smart devices, rather than Samsung’s faults.”
“For LG, the episode underscores the need for strong product security,” reportCNET’s Laura Hautala and Alfred Ng.
“Digital privacy isn't just an LG concern, it's an industry-wide issue that needs to be tackled by everyone who has a stake in the system, which is why we are completely committed to working with other industry players to make sure that consumers are protected to the fullest extent that today's technology will allow,” it said.
As for Microsoft, “We're aware of the report and are looking into it,” it emailed.
Heather Adkins, Google’s director of information security and privacy, tells BuzzFeed News’ Sheera Frenkel and Hamza Shaban: “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections.”
Unless you’re up to something nefarious, it presumably all boils down to this NBC headline over an AP story: “Experts: Don’t Dump Devices Over WikiLeaks CIA Docs.”