Wednesday, 08 March 2017 07:16

Windows, iOS, Android, Samsung, Linux under threat after Vault 7 dump Featured

By

The release of a huge number of CIA documents by WikiLeaks overnight puts many of the common software and gadgets used around the world at risk.

There is code in the release for attacks on Microsoft's Windows, Apple's iOS, macOS and OS x, Google's Android, Linux and Samsung TVs.

The hacking and malware tools are built by the Engineering Development Group, a department of the CIA's Directorate for Digital Innovation. This is one of the five major directorates of the CIA.

The exploit to listen in through Samsung TVs has been dubbed Weeping Angel and was developed with Britain's MI5/BTSS, WikiLeaks said.

"After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server," it said.

The agency's Mobile Devices Branch had developed numerous attacks to remotely hack into and take over popular smartphones; the location of the owner, audio and text communications could be snooped on, while the phone's camera and microphone could be covertly activated.

The iPhone had 14.5% of the global smartphone market in 2016, but the CIA had a specialised unit to develop attack tools for this device, probably because it was popular among diplomatic, social, political and business elites, WikiLeaks said.

A similar unit was focused on Google's Android operating system which has nearly all of the remaining market share.

"Year Zero shows that as of 2016 the CIA had 24 'weaponized' Android 'zero days' which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

"These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied."

The material released shows a huge effort to control Windows users with malware, including numerous local and remote weaponised zero-day exploits, and air gap jumping viruses like Hammer Drill which is used to collect information from CDs/DVD.

There are also exploits for routers, infectors for removable media like flash drives, systems for steganography (hiding data in images) or in covert disk areas.

WikiLeaks said the CIA had built automated multi-platform malware attack and control systems for Windows, Linux, OS X, Solaris and other operating systems.

One of the tools described is HIVE; it contains customisable implants for Windows, Solaris,s MikroTik (routers), and Linux and a command and control infrastructure to communicate with the software after it is placed on targets.

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

MITIGATE FRAUD WITH HYLAND’S DIGITAL CREDENTIALING SOLUTION

Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time

JOIN WEBINAR!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments