WikiLeaks Vault 7, Year Zero: CIA Can Hack iOS, Android Devices, Access Encrypted Messaging Apps Like WhatsApp, Alleged Documents Say
A recent dump of documents from WikiLeaks purports to reveal a specialized hacking division inside the Central Intelligence Agency’s Center for Cyber Intelligence dedicated to developing and gathering exploits to manipulate iOS and Android devices.
The cache from WikiLeaks, dubbed Vault 7, includes 8,761 files that focus primarily on the CIA’s “hacking arsenal.” The information dump reveals a number of tools the organization reportedly uses to gather data and intelligence.
WikiLeaks claims the files were obtained recently—stating the CIA “lost control” of its hacking tools—and cover CIA practices as recent as 2016 and dating back as far as 2013.
Revealed within the documents is a dedicated team of hackers who produce malware and other malicious programs designed to infect mobiles devices, including developers working to infect iOS and Android phones and tablets.
According to WikiLeaks, the CIA’s collection of hacking tools includes a number of “zero day” exploits—vulnerabilities that have yet to be addressed. The agency has reportedly worked to develop its own attacks on these vulnerabilities and have also purchased exploits from contractors.
The CIA put particular emphasis on attacking iOS devices despite the relatively small market share on a global scale. While iOS is running on just 12.5 percent of mobile devices according to IDC data, WikiLeaks theorizes the CIA focused on Apple’s mobile operating system because the iPhone is a popular choice among “social, political, diplomatic and business elites.”
The CIA also reportedly had access to 24 zero day attacks that affected Android devices. Those attacks were developed internally and with the help of other agencies including the National Security Agency (NSA) and the United Kingdom Government Communications Headquarters.
By using the zero day attacks to hack devices, the CIA would be able to bypass encryption protocols that would protect intercepted messages sent through encrypted channels. Popular encrypted messaging apps like WhatsApp, Signal, Telegram and Confide would be rendered useless by such an attack.
WikiLeaks suggests in its press release that the encrypted messaging apps themselves may have been compromised, but that is not the case. Edward Snowden pointed out on Twitter it is the operating systems that have been hacked, which can allow access to the apps on the device. Snowden said the hack of Android and iOS is “a much bigger problem.”
When asked if they could confirm the validity of the Vault 7 information posted by WikiLeaks, a CIA spokesperson told International Business Times, “We do not comment on the authenticity or content of purported intelligence documents.”
© Copyright IBTimes 2024. All rights reserved.