According to documents leaked on Wikileaks the CIA can bypass most cell
phone encryption. (photo: Miquel Llop/NurPhoto/Sipa USA/AP)
ALSO SEE: The CIA Didn't Break Signal or
Whatsapp, Despite What You've Heard
CIA Has an "Impressive List" of Ways to Hack Into Your Smartphone, Wikileaks
Files Indicate
By Jenna McLaughlin, The Intercept
08 March 17
A concerted effort by the CIA produced a library of software attacks to
crack into Android smartphones and Apple iPhones, including some that could
take full control of the devices, according to documents in a trove of files
released by WikiLeaks Tuesday.
The attacks allow for varying levels of access - many powerful enough to
allow the attacker to remotely take over the "kernel," the heart of the
operating system that controls the operation of the phone, or at least to
have so-called "root" access, meaning extensive control over files and
software processes on a device. These types of techniques would give access
to information like geolocation, communications, contacts, and more. They
would most likely be useful for targeted hacking, rather than mass
surveillance. Indeed, one document describes a process by which a specific
unit within the CIA "develops software exploits and implants for high
priority target cellphones for intelligence collection."
The WikiLeaks documents also include detailed charts concerning specific
attacks the CIA can apparently perform on different types of cellphones and
operating systems, including recent versions of iOS and Android - in
addition to attacks the CIA has borrowed from other, public sources of
malware. Some of the exploits, in addition to those purportedly developed by
the CIA, were discovered and released by cybersecurity companies, hacker
groups, and independent researchers, and purchased, downloaded, or otherwise
acquired by the CIA, in some cases through other members of the intelligence
community, including the FBI, NSA, and the NSA's British counterpart GCHQ ,
the documents indicate.
One borrowed attack, Shamoon, is a notorious computer virus capable of
stealing data and then completely destroying hardware. Persistence, a tool
found by the CIA, allows the agency control over the device whenever it
boots up again. Another acquired attack, SwampMonkey, allows CIA to get root
privileges on undisclosed Android devices.
"This is a very impressive list," tweeted former GCHQ analyst Matt Tait,
noting that at least some of the attacks appeared to still be viable.
Matt Green, cryptographer at Johns Hopkins University, agreed the leak was
"impressive," but concluded there weren't many "technically surprising"
hacks. This lack of originality may have stemmed from a desire on the part
of the agency to avoid detection, judging from one document contained in the
trove, in which apparent CIA personnel discuss an NSA hacking toolkit known
as Equation Group and its public exposure. It was also previously known that
the CIA was targeting smartphones; drawing on top-secret documents, The
Intercept in 2015 reported on an agency campaign to crack into the iPhone
and other Apple products.
In addition to the CIA's efforts, an FBI hacking division, the Remote
Operations Unit, has also been working to discover exploits in iPhones, one
of the WikiLeaks documents, the iOS hacking chart, indicates. Last February,
while investigating the perpetrator of a mass shooting in San Bernardino,
the FBI attempted argued in court that Apple was obligated to give the FBI
access to its phones by producing a weakened version of the device's
operating system. If the WikiLeaks documents are authentic, it would appear
FBI and other elements of the intelligence community are already deeply
involved in discovering their own way into iPhones. The compromise of the
documents also calls into question government assurances in the San
Bernardino case that any exploit developed by Apple to allow the FBI access
to the killer's phone would never be exposed to criminals or nation states.
The CIA and FBI hacking revelations originate with a trove of more than
8,000 documents released by WikiLeaks, which said the files originated from
a CIA network and date from 2013 to 2016. The CIA declined to comment on the
documents, which also disclose techniques the CIA allegedly developed to
turn so-called smart televisions into listening devices. Apple did not
respond to a request for comment, and Google declined to comment, though
indicated it was actively investigating the revelations.
It's unclear who might have given WikiLeaks access to the documents; a
summary of the material hosted on the site implies it came from a
whistleblower who "wishes to initiate a public debate about the security,
creation, use, proliferation and democratic control of cyberweapons." But
the leaker could also be an outsider, including one employed by a foreign
power.
"This could be as much about Russia as CIA or WikiLeaks," tweeted Jason
Healey, Senior Research Scholar at Columbia University's School for
International and Public Affairs "A continuation of teardown of U.S.
government."
German iOS security researcher Stefan Esser, according to a chart in the
file database, developed an iOS exploit named "Ironic," which gives access
to the operating system kernel - though the hack "died" when iPhones were
updated to iOS8, the chart appears to indicate. Esser, in an email to The
Intercept, said he is not one to comb through classified documents or
comment on them - but noted CIA had apparently "used public research of mine
about a vulnerability that Apple required four attempts at fixing" in iOS.
Esser's bug was already public when CIA included it in its database. He also
noted that a training slide he presented during a security conference in
2015 was also included in the dump.
WikiLeaks discussed, without referring to any specific document, access
levels CIA has to encrypted applications, including popular Open Whisper
Systems' application Signal - though the documents do not indicate CIA has
broken the app's end-to-end encryption. Rather, it suggests the CIA can
"bypass" the encryption by hacking into the phone itself, then reading
everything on it, including data stored within any app - including messages
from Telegram, WhatsApp, and other secure messaging apps. If a phone itself
is compromised, there's little to be done to prevent an attacker from
accessing what's on it.
Some of the attacks are what are known as "zero days" - exploitation paths
hackers can use that vendors are completely unaware of, giving the vendors
no time - zero days - to fix their products. WikiLeaks said the documents
indicate the CIA has violated commitments made by the Obama administration
to disclose serious software vulnerabilities to vendors to improve the
security of their products. The administration developed a system called the
Vulnerabilities Equities Process to allow various government entities to
help determine when it's better for national security to disclose unpatched
vulnerabilities and when it's better to take advantage of them to hunt
targets.
At least some civil liberties advocates agree with the WikiLeaks assessment.
"Access Now condemns the stockpiling of vulnerabilities, calls for limits on
government hacking and protections for human rights, and urges immediate
reforms to the Vulnerabilities Equities Process," Nathan White, senior
legislative manager for digital rights group Access Now, wrote in response
to the new leak in a press release.
e-max.it: your social media marketing partner
