iStock/Thinkstock(NEW YORK) — The explosive claims made by Wikileaks on Tuesday — that the CIA can turn popular smartphones and televisions into remote spying devices — highlights how unwitting consumers have allowed their love for popular electronics to make them vulnerable to covert surveillance.
“It’s a boon for the good guys and the bad guys,” said Tyler Cohen Wood, a former senior U.S. intelligence officer. “There is just so much information that is out there. Everywhere we go, our politics, when we’re home, we’re not home, our health, our pattern of life is out there, and it’s due to these devices.”
WikiLeaks’ allegations — made alongside the release of thousands of documents that purport to be stolen from the CIA — have not been confirmed, but officials say that they appear authentic.
Smartphone listening post
Assuming the documents’ veracity, the leaked documents call attention to how consumers have unwittingly made themselves vulnerable to hacking through the widespread adoption of “smart” mobile devices.
Over the past 10 years, smartphones have taken the consumer electronic market by storm.
Some 77 percent of people in the U.S. now own a smartphone, according to a November 2016 study by the Pew Research Center. That’s a marked increase from 2011, when just 35 percent of the population said that they owned a smartphone.
WikiLeaks claims that CIA spies have had 24 exploits for smartphones powered by Google’s Android operating system. The radical transparency group said that spies had “numerous” exploits for Apple’s iOS operating system.
The techniques appear to go beyond wiretaps, with spooks supposedly having the ability to surreptitiously activate the microphone on a smartphone or smart TV without their target having a clue.
Wikileaks claims that the “techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
In a statement to ABC News, Apple said: “While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
Google has not responded to requests for comment.
As ABC News reported in August, cyber security researchers discovered at the time three major vulnerabilities in the Apple iPhone operating system affecting users worldwide and prompting the software giant to release a security update. The spy software in that case was able to scoop up messages from any number of apps — including encrypted chat applications like WhatsApp — because of its sophistication.
But Wood noted that the homogeneity of the smartphone software market — dominated by Apple’s iOS and Android operating systems — means that any exploits mean that the number of targets are immense.
“In terms of smartphones, the majority of people do use the two operating systems, and that does enhance the landscape for vulnerability,” she said. “Android throughout the world is the most popular operating system for smartphones.”
“I cannot validate wherever these are actual CIA documents that were leaked to WikiLeaks, but just in terms of vulnerabilities within these devices, it’s always been there,” she said. “Sometimes the vulnerabilities are very low-tech, such as clicking a phishing email, or someone clicking on a fake news site that puts malware on their device.”
Spy TV
Also contained within the more than 8,700 documents published by WikiLeaks on Tuesday, are details of how U.S. intelligence officers — alongside their counterparts at Britain’s MI5 domestic spy agency — were able to create a “fake-off mode” for Samsung SmartTVs.
With “fake-off” activated, the TV would appear to be powered-off — with lights and the screen turned-off — but in reality the TV was collecting audio and video on its target.
Asked about the WikiLeaks claims, Samsung said, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”
Protecting yourself
For consumers who have concerns, there are no perfect solutions, but steps that you can take to make the spook’s job that much harder.
“One of the biggest issues you have on your phone is the other applications and the permission settings that you have on your device,” said Wood. “A lot of applications that you may download will request access to your microphone, your video, your photos, your geographic location.”
She said that some non-trustworthy companies may be “exfiltrating information about you,” and that consumers should consider where the companies operate and what their terms of use are.
“Turning off settings that [you] don’t need, is really the way that we’re going to be able to fight this battle,” she said.
She added that ensuring your devices are upgraded to the latest software will help protect you by patching any known vulnerabilities.
In extreme cases, when traveling to countries where spy agencies may be interested in planting spy software on your phone, consumers can take a cue from protocols that government employees follow — namely taking a spare, “clean” phone. Senior staff members on Capitol Hill have long made a habit of taking a wiped device with them on foreign travel to countries where adversaries may be interested in surveilling them through their devices.
“We’re in cyber-warfare right now,” said Wood. “We’re moving more and more to this internet connected world where everything is connected, and we’re going to hit at point where you’re not going to have a choice, you’re going to be involved.”
Copyright © 2017, ABC Radio. All rights reserved.