Apple, Microsoft, Samsung Respond To Wikileaks ‘Vault 7’ CIA Data Dump
Several technology firms have issued statements after Wikileaks published a massive cache of documents alleging that the Central Intelligence Agency (CIA) had developed methods to hack popular electronics devices, including iPhones, Android handsets, and Samsung smart TVs. Dubbed "Vault 7," the data dump is considered the largest public reveal of confidential documents related to the CIA.
If the documents are real, they contain detailed exploits on popular devices that would allow the CIA to snoop on users and even take control of gadgets. The documents, which are dated between 2013 and 2016, purportedly include a variety of exploits, including those the United States government developed on its own as well as ones that were bought or otherwise obtained from third-party sources. They also indicate that the CIA created malware targeting Windows PCs.
"We are aware of the report and are looking into it," Microsoft said in a terse statement.
Apple had quite a bit more to say on the matter, as it wanted to make clear that it had already patched some of the vulnerabilities listed in the report.
"The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way," Apple said. "Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system.
"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue to work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security update."
Among the alleged exploits contained in the documents was one that affected Samsung's F8000 series of smart TVs. The report suggests that the U.K.'s MI5 agency developed a USB connection-based hack on those models. It's said that hacking tools available to the CIA allowed the agency install spyware that would give owners the impression their Samsung TV was turned off, when it was actually still on—a mode that is called "Fake-Off." In Fake-Off mode, the smart TV is capable of recording conversations and sending those recordings back to the CIA through a secure channel.
"Protecting consumers' privacy and the security of our devices is a top priority at Samsung," the company said. "We are aware of the report in question and are urgently looking into the matter."
While Android devices were implicated in the report, Google declined to comment. The documents claim the CIA was able to hack into and take control of Android phones due to multiple zero-day vulnerabilities, some of which were discovered and others that were purchased.
The CIA has not commented on whether the documents are real. However, one of its former chiefs relayed his concern to the BBC.
"If what I have read is true, then this seems to be an incredibly damaging leak in terms of tactics, techniques, procedures, and tools that were used by the Central Intelligence Agency to conduct legitimate foreign intelligence," former CIA director Michael Hayden said. "In other words, it's made my country and my country's friends less safe."
Not everyone is surprised to learn that the CIA hacks into devices and spies on users. Assuming the documents are real, the other story here is that the CIA was unable to keep this information secret. It's a black on on an agency that is supposed to always be one step of ahead, and it underscores a need to do a better job vetting government contractors.