‘CIA uses zero-days in Windows, Android, iOS and Samsung TVs for espionage’
WikiLeaks publishes a large number of documents about the hacking capabilities of the CIA under the name Vault 7. It concerns a series of publications about malware, systems, cyber weapons and zero-days that the CIA deploys. The CIA targets Samsung TVs, among other things.
WikiLeaks has dubbed the first publication of the collection Year Zero. It includes 8,761 documents and files allegedly from the CIA’s Center for Cyber Intelligence, which is located in Langley. The collection is already circulating among government hackers, according to the platform. One of them is said to have provided WikiLeaks with the files in order to ‘start a debate’ about, among other things, the powers of the intelligence service and the use of cyber weapons.
The documents describe, among other things, how the CIA is targeting users of Windows, Android, iOS and Samsung TVs using zero-days. These are vulnerabilities that are not yet known to the manufacturer and therefore have not yet been patched. Last year, the CIA alone had 24 zero-days for Android. Collecting such vulnerabilities is sensitive because ordinary users are also at risk as long as the vulnerabilities are not patched. The US government promised after Snowden’s revelations about the NSA that vulnerabilities found by the intelligence services would be revealed earlier to manufacturers such as Microsoft, Google and Apple.
For Windows, among others, the service still had several zero-days, which can be abused both locally and remotely. WikiLeaks talks about Hammer Drill, a virus capable of spreading via optical media to computers not connected to the internet. In addition, there are details about malware that spreads via USB sticks and about systems for hiding malware and distributing it over the long term. There is also a platform for attacking multiple operating systems, such as Windows, OS X, Solaris, router software and Linux, simultaneously. This platform, called HIVE, communicates via HTTPS with a large number of hidden domains.
The CIA had “above average focus” on vulnerabilities in iOS, according to WikiLeaks. According to the site, this is likely due to the iPhone’s popularity among the political, business and diplomatic elite. Among the zero-days for this software are tools with names like Elderpiggy to escape the sandbox, Dyonedo to bypass code signing, and Nandao and Xiphos, which are kernel exploits.
The method by which Samsung TVs can be attacked is said to have been developed by the CIA together with the British MI5. The tool for this, Weeping Angel, secretly turns on the microphone of the television and makes the device appear to be off while it is actually on. The devices then send recorded conversations to the CIA’s server. Furthermore, the documents show that the service has been focusing on infecting vehicles since 2014. Details about this are not in the documents.
Also part of the publication is information that the CIA uses the American consulate for its spies. A casually written document gives them tips on charging expenses to the consulate and on getting through customs quickly by saying that they are entering Germany as a technical consultant for the consulate.
The oldest documents are from 2013, the most recent from last year. WikiLeaks speaks of the largest publication related to intelligence services to date. That would mean that a greater number of documents would be made public than with Edward Snowden’s publication on the NSA. WikiLeaks is not yet providing details about the upcoming releases of Vault 7.