Wiki-Leaks has published a new set of documents, one of its biggest publications in recent years, that shed light on the CIA’s hacking capabilities. Dubbed “Vault7,” the publication contains 8,761 documents and files purportedly taken from a secure network within the CIA’s headquarters in Langley, Virginia. The documents describe a number of remote exploits and hacking tools, similar to the NSA’s ANT catalog published by Der Spiegel in 2013.
CIA apparently finds it more easy to penetrate Android devices as compared to those created by Apple technology
The files contain numerous exploits for both iOS and Android devices, dating from between 2014 and 2016. The agency seems to have had more success targeting Android devices, with roughly 24 weaponized exploits, compared to 14 for iOS. The exploits come from a variety of sources, including partner agencies like the NSA and GCHQ or private exploit traders. In one case, a published iOS 8 kernel attack is listed as an exploit, credited to security researcher Stefan Esser.
Another of the published exploits — code-named “Weeping Angel” — appears to target Samsung smart TVs, which drew criticism on release for their always-on voice command system.
Today’s release is one of the few WikiLeaks publications to include redaction, erasing the IP addresses and other identifying information of many devices targeted by the CIA
According to WikiLeaks, the exploit makes the television “operate as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.” The documents themselves paint a more ambiguous picture, with possible applications focusing on credential extraction rather than direct audio recording.
Today’s release is one of the few WikiLeaks publications to include redaction, erasing the IP addresses and other identifying information of many devices targeted by the CIA. WikiLeaks has been criticized in the past for failing to redact sensitive information, including the medical files of rape victims.
“While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model,” the post explains, “and note that quantity of published pages in ‘Vault 7’ part one already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.”
This piece was first published in The Verge.