WikiLeaks yesterday published an absolute treasure trove of data detailing how the CIA utilizes specialized software and hacking tools to successfully infiltrate, spy on, and in some instances remotely control a vast array of hardware, a list that includes smartphones, web servers, routers and even TVs. In a document dump encompassing nearly 8,000 classified files, we learn that the CIA has an impressive arsenal of software exploits that leaves no computing platform safe from attack.
“The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more,” the report notes.
Of particular interest is the revelation that the CIA houses an internal group which busies itself with iOS-based exploits exclusively.
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
In the wake of these revelations, Apple late on Tuesday issued a statement to alleviate concerns that the company’s products might still be vulnerable to a laundry list of CIA exploits. In short, Apple maintains that many of the iOS vulnerabilities the CIA previously relied upon have already been patched.
Apple’s statement reads:
Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.
While it’s only natural to draw parallels between the recent CIA document dump and the collection of classified NSA documents leaked by Edward Snowden, some security experts believe that the release of the CIA’s hacking arsenal is far more serious because it references exploits that are far more current than some of the tools and methods revealed by Snowden.