Understanding CIA Hacking and What it Means for You
Earlier this week Wikileaks released “Vault 7”, a massive trove of information about CIA hacking activities, raising fears about Big Brother surveillance programs and sending computer security experts in search of antacid medication.
Here are the most important takeaways:
One: The CIA Did Not Break Encryption.
Encryption algorithms are highly mathematical complexities involving very large prime numbers. In fact, if you want to take your head for a spin do a little casual background reading on Triple DES.
As far as we know from this particular cache of documents, encryption is still a strong lock on your data. In fact, The Electronic Frontier Foundation backed this fact up in a recent statement on the hacks:
“While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.
The worst thing that could happen is for users to lose faith in encryption-enabled tools and stop using them.”
Two: You Must Update Your Devices.
The documents describe the exploitation of known software vulnerabilities, particularly in Android and iPhone devices. These are known in the computer security field as “zero day attacks.”
As soon as these vulnerabilities are known to the software manufacturers, they race to write code to patch the hole. Normally, they discover the vulnerability before the public does. The term “zero day” means that the exploitation is not previously known, so the software people have zero days to fix the situation before it is discovered.
Because manufacturers are constantly releasing security fixes, it is absolute madness not to keep your devices up to date. Take this news as an excuse to make sure that you update your devices early and often, and keep the CIA and everyone else who wants to hack you at bay.
Three: You Should Beware the Internet of Things (IoT).
As our society has raced to connect Alexa, Google Home, Smart TVs, and every last doohickey in our homes to our WiFi routers, we seem to have overlooked the inconvenient truth that many of these devices have microphones and/or cameras.
Here’s the result: The CIA engineered an Orwellian tool called “Weeping Angel” that allows your Samsung TV to listen to you and upload the conversation to their servers (even when you think it’s turned off.)
Theoretically, any of your voice-activated digital assistants or any microphone-connected devices could do the same.
Right now, there’s really nothing you can do about it until the IoT community gets together and develops better safety standards. Until then, the super-careful among us should unplug these devices when not in use, and not trust them to be “turned off.”