Are you being careful about what you say when you talk with someone on your iPhone or Android device? Or even when you watch something on your Smart TV with your family in the living room? Well, it turns out you should be.
According to leaked CIA documents, which we now have insight into thanks to (who else but) WikiLeaks, the Central Intelligence Agency (CIA) has developed a malware that can target your Android or iPhone devices and even your smart TV and use them to spy on you.
The documents, named “Vault 7”, were first leaked by WikiLeaks in March 2017 and reveal a whole lot of disturbing details on how the CIA can attack our privacy.
About the Malware
The malware in question was created by a software development group within the Center for Cyber Intelligence (CCI) called Engineering Development Group (EDG). The CCI is a department of the CIA’s Directorate for Digital Innovation (DDI), which itself is one of the CIA’s five major directorates.
The other four directorates are: Directorate of Intelligence (DI), Directorate of Operations (DO), Directorate of Science and Technology (DST) and Directorate of Support (DS).
So what does the EDG do? According to WikiLeaks, they’re tasked with developing, testing and supporting viruses, Trojans, exploits, backdoors and other kind of malware that the CIA is using in its covert cyber operations. Now, that sounds like something straight out of a Hollywood movie, but unfortunately it’s real.
The EDG is itself divided into two divisions, according to this chart. The first one is the Applied Engineering Division (AED), which consists of five branches:
- Operational Support Branch (OSB)
- Embedded Devices Branch (EDB)
- Automated Implants Branch (AIB)
- Remote Development Branch (RDB)
- Mobile Development Branch (MDB)
We know far less about the second division, only its acronym SED and that it consists of at least four subdivisions:
- Network Devices Branch (NDB)
- Independent Verifications and Validation (IVV)
- Infrastructure Branch (IB)
- ETB (we don’t what this acronym stands for)
How can CIA Even Listen on Your Smart TV?
One of the most disturbing discoveries that we get from these documents is that the CIA can use your smart TV as a bug inside your home. If you were ever worried of bugs and microphones being planted in your house (maybe even looked for them), you don’t have to look very far. Just to your smart TV.
In cooperation with the British intelligence agencies, the CIA has developed a malware dubbed “Weeping Angel” that can effectively be used to turn a smart TV into a microphone.
What the Weeping Angel essentially does is put the TV into a special “Fake-Off” mode, which to the owner makes it look like the TV is off when it really isn’t. This way, the TV then acts as a bug, listening and recording to what is being said in the room and then can send those recordings to a CIA server via the Internet.
The good news is that Fake Off mode doesn’t apply to all smart TVs, only those made by Samsung made between 2012 and 2013 that have firmware versions 1111, 1112 and 1116. Meaning, if you own a, for instance, Philips or some other mark, or even just a newer Samsung, then this doesn’t affect you.
But just in case it does, when Fake Off mode is activated, it will look like the TV is off, with the LED in front changing color and getting dim. However, the one in the back will stay on and that’s how you can tell if your TV is in this mode.
Now, we don’t know if CIA updated its malware in the meantime (Samsung did investigate WikiLeaks claims, as UK’s Mirror reported last year), but in any case it doesn’t hurt to know which models are affected.
These would be:
- 2012: UNES8000F, E8000GF plasma, and UNES7550F
- 2013: UNF8000 series, F8500 plasma, UNF7500 series, and UNF7000 series.
To check whether your TV is one of these models and if is to update it, you need to enter your TVs main menu, then go to Support and from there select Software Update.
What about iPhones and Android?
The same documents also revealed that the CIA has been using a specialized unit in the period between 2013 and 2016 tasked with stealing information and data from Apple and Android devices.
The CIA program, headed by the Mobile Development Branch, was all about exploiting security holes in any Apple product using iOS (so iPads, iPhones, etc.) using something called “Zero Days”. This itself was developed partly by CIA itself and partly obtained from FBI, NSA, GCHQ and even from certain cyber arms contractors on the CIA’s payroll.
When it comes to Android devices, the CIA’s attention wasn’t as great on these as it was on Apple iOS products, mainly because if there lesser popularity in the United States. That said, as of 2016, the CIA had as many as 24 “weaponized” Android “zero days”, developed or obtained from NSA, GCHQ and cyber arms contractors.
Is there any way to Protect Your Privacy from CIA?
These WikiLeaks reports pose a serious question. Is there any way to protect your privacy from CIA and similar intelligence and spy agencies? The obvious answer would be to turn off your Internet, but we kinda need that (and even then, there’s no guarantee that it will work). What then remains is being careful and informed about the devices and applications that you use (especially what firmware they have) and regularly update their software.