WikiLeaks CIA Reveal:VPN Usage Receives Bonus Points
As if you didn’t already have enough reasons to feel cynical about smart devices, WikiLeaks’ data drop about the CIA just gave you new ones: the online library of news leaks and classified media has published a plethora of documents exposing CIA’s top hacking secrets, mentioning technology that could let the agency access your Android phone, iPhone, smart TV, and Mac and Linux, and Microsoft operating systems.
The release, dubbed as Vault 7, contains over 8,500 documents acquired from the US Central Intelligence Agency’s Center for Cyber Intelligence (CCI) unit.
The Vault 7 series sheds light on CIA’s secret global hacking operation as well as the code and hacking mechanisms they utilize including malware remote control systems, viruses, Trojans and zero day exploits. The tools are being used to hack PCs, smartphones, and even smart TVs … sigh.
Here’s more detail on the early discoveries that are worrisome.
Bypassed Encryption on WhatsApp, Confide & Other Popular Services
Amongst the highlighted disclosures, one that caught attention is the CIA managing to bypass encryption on renowned messaging and phone services like Signal, WhatsApp & Confide. The documentation stated that the agency’s Mobile Development Branch created several iOS exploits with the assistance of NSA, FBI, Cyber Contractors and GCHQ, including “local and remote Zero Days.” More than 24 Android Zero days (weaponized ones) were created by the agency to penetrate Android phones and collect message and audio traffic before encryption took place.
Another alarming exploit includes making smart TVs appear like they’re powered off, but their microphones are actually activated. Consumers around the globe are infiltrating their homes with these devices. The cryptically known “Weeping Angel” attack targets Samsung smart TVs, enabling adversaries to infiltrate the smart TVs and instruct them to pretend they’re switched off while collecting and routing audio to secret CIA servers. WikiLeaks revealed the attack was developed with the help of UK’s MI5 agency. Potential future work, inside a “to-do” list, included using the TV’s WiFi feature in the Fake Off listening mode to transmit collected eavesdropped files to remote servers.
iPhone & Android Phones
The leaked documents reveal that the Mobile Devices Branch of the CIA can deploy hacks to remotely access and control leading smartphones. Those carrying out the attack are able to gain knowledge of the mobile owner’s geolocation, text and audio, and remotely control the smartphone’s microphone and camera. For Android devices, leaked references point towards remote-access exploits, implying no physical access to the device is required. Some exploits target Samsung Tab tablets and the Nexus and Galaxy smartphone series. In specific cases, the description of exploits mention browsers like Opera and Chrome, meaning they could be launched via infected web-pages as the user connects to the internet.
VPN to the Rescue
While the CIA’s hacking operation extends across countries, people can still do a lot to safeguard their privacy. For instance, a VPN (virtual private network) can be considered to mask your activity and identity when you connect any device to the internet.
Options like SlickVPN offer upgraded security against government agencies’ hacking attempts by creating a private connection between your devices and the VPN provider’s servers. High-level encryption is leveraged to oust malware and trackers, and IP cloaking is used to ensure that your location doesn’t interfere with your activity online.
As long as a VPN service provider isn’t handing its logs over to the CIA or has a secret software installed that is remitting the logs to government agencies automatically, its offering is very effective in protecting against government hacking attempts.
And because most of the hacking tools referenced in the documents exposed by WikLeaks work through the internet, a VPN should be used to defeat DPI (Deep Packet Inspection). DPI is a technique used for internet censorship and eavesdropping, much like the listening technique used in smart TVs.
Also, the VPN assigns a random IP address to you from its server, and your existing IP address is assigned a completely separate geolocation. The tactic makes it much more challenging for hackers & surveillance agencies to know your activity – much less discover your smart device.
Bonus Tip: Several of CIA’s hacking attempts won’t be applicable if you never connect your device to the World Wide Web. If you’re really sensitive about your privacy, consider investing in a device that has never been touched by the internet.
Using a VPN is good practice in general when it comes to safeguarding your privacy, but it’s more important than ever after the revelation of Vault 7. Take greater precaution with your privacy, only using a trusted VPN service to prevent intelligence agencies from sabotaging your discretion completely.