The CIA can turn your TV into a listening device, bypass popular encryption apps, and possibly control your car, according to thousands of documents published by WikiLeaks, an anti-surveillance group.
The group posted nearly 9,000 documents on Tuesday it said were leaked from the Central Intelligence Agency, in what it described as the largest-ever publication of secret intelligence materials.
It said the trove of documents “appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive”.
Jonathan Liu, a spokesman for the CIA, said: “We do not comment on the authenticity or content of purported intelligence documents.”
Experts who have started to sift through the material said that it appeared legitimate.
The leak, named “Vault 7” by WikiLeaks, claims the CIA developed a malware to infect mobile phones to allow easier surveillance – but lost control of the technology. If the CIA really lost control of the technology, hackers worldwide could use the tools to steal data.
Edward McAndrew, a lawyer with a speciality in cyber security, said the security breach is a major concern for the CIA because its technology could already be in the wrong hands
“What we’re hearing from WikiLeaks and others is that pieces of the toolkit are now outside of Langley [the CIA’s Virginia headquarters],” he told Al Jazeera.
“If that’s true, once these tools are introduced into the wild of the internet, they cannot be reclaimed. We’ll then see a race between those who would use these tools to exploit others and those trying to close all these vulnerabilities that have now come to light.”
Why is this dangerous? Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world. https://t.co/xK0aILAdFI
— Edward Snowden (@Snowden) March 7, 2017
The actual hacking tools were not part of the WikiLeaks trove.
WikiLeaks said it planned to avoid distributing tools “until a consensus emerges” on the political nature of the CIA’s programme and how such software could be analysed, disarmed and published.
WikiLeaks said the documents show the CIA has produced more than 1,000 malware systems – viruses, trojans, and other software that can infiltrate and take control of target electronics.
These hacking tools have targeted iPhones, Android systems such as the kind of personal phone reportedly still used by President Donald Trump, popular Microsoft software and Samsung smart TVs, which can be transformed into covert microphones, according to WikiLeaks.
The agency has also examined hacking into the electronic control systems on cars and trucks, potentially enabling it to control them.
By infecting smartphones, WikiLeaks said, the CIA can get around the encryption technologies of popular apps such as WhatsApp, Signal, Telegram, Weibo, and Confide by collecting communications before they are encrypted.
Matthew Green, professor of computer science, told Al Jazeera that “ordinary people” should not have to worry about the revelations.
“What I would perhaps worry about is that some of this might get into the hands of very sophisticated criminal organisations or foreign governments and be used in a very targeted way against activists or human rights workers,” he said.
With additional reporting by Ali Younes