What WikiLeaks CIA Hack Means for You and Your Gadgets
The WikiLeaks data dump on CIA activities may be propaganda, but there are some lessons within on how to keep your devices safe and private.
UPDATED 8:45 a.m. ET Wednesday, March 8, with comment from Apple, Microsoft and Samsung.
Worried about the hacking secrets revealed in the latest Wikileaks data dump?
Here’s what you need to know. The WikiLeaks revelation might be part of a Russian disinformation campaign meant to undermine the U.S. intelligence agencies in general, and to more immediately lend credence to President Donald Trump's allegations that former President Barack Obama spied on him.
Some of the CIA hacking tools mentioned in the WikiLeaks dump are real. Some of them probably are not. We may never truly know which is which. (But we are intrigued by the one about turning a Samsung Smart TV into a listening device.)
UPDATE: In a statement released to news outlets Monday evening, Apple said it had already fixed some of the flaws revealed in the WikiLeaks data dump.
"Many of the issues leaked today were already patched in the latest iOS," the company said.
However, while that's undoubtedly true regarding the list of exploits for older versions of iOS, many of which are publicly known, the WikiLeaks file mentioned many exploits and vulnerabilities that have not yet been fully disclosed, by WikiLeaks or by anyone else. In other words, Apple can't know whether all the flaws have been patched if it doesn't know how all the flaws work.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
In statements given to the BBC, Microsoft and Samsung said they were both looking into the allegations made in the documents.
MORE: Best Encrypted Messaging Apps
For the moment, all we can tell you to do is to keep your PCs, Macs, iPhones and Android updated to the latest versions of their operating systems, to run antivirus software on Windows, macOS and Android, and to be wary of smart-home devices that are always listening to what you say. (And if your Android device can't be updated beyond Android 5.1 Lollipop, get a new one.)
WikiLeaks says the cache of information, reportedly "8,761 documents and files," came from "a former U.S. government hacker [or] contractor." That's possible. It's also possible that it came straight from the Russian intelligence services, which is how WikiLeaks apparently obtained emails stolen from the Democratic National Committee.
As such, we can't completely trust what's in the files. But let's go over the important stuff:
Allegation: The CIA knows how to hack into iPhones and Android phones.
Reality: Yes, of course it does. So do the NSA and the foreign-intelligence agencies of Britain, France, Russia and China.
Impact and what you can do: Unless you're a high-value target, such as a terrorist, arms dealer, foreign politician or diplomat or, well, a spy, the CIA will probably not be interested in what's on your phone.
Allegation: The CIA can bypass the encryption used by WhatsApp, Telegram, Signal and other secure messaging services.
Reality: Yes, it can, but only if an "endpoint" -- a phone or computer sending or receiving a secure message -- has been hacked by other means. The CIA is not "cracking" the encryption. Because the message is decrypted at the endpoint by the messaging software anyway, the CIA doesn't need to decrypt the message itself.
Impact and what you can do: Unless you're a high-value target, as outlined in the previous answer, keeping your phone's operating system and apps up-to-date will protect you from cybercriminals who may also want to read your secret messages.
Allegation: The CIA can turn a Samsung Smart TV into a listening device.
Reality: Unknown, but likely. WikiLeaks alleges that the CIA tool "Weeping Angel" (a Doctor Who reference), developed with Britain's MI5, puts Samsung Smart TVs in a "fake-off" state in which the device only appears to be turned off. (Previously reported NSA/CIA eavesdropping tools for iPhones allegedly work in a similar manner.) Presumably, this only works on voice-command-enabled Samsung Smart TVs, which constantly listen to background noise.
Impact and what you can do: If your TV can't listen for voice commands, you're probably safe. If it does, you could unplug it when it's not being used.
MORE: Simple Ways to Prevent Hackers From Ruining Your Life
Allegation: The U.S. Consulate in Frankfurt is used by the CIA as a base for agency hacking activities.
Reality: CIA spies routinely use State Department diplomatic cover to travel and reside abroad. Every U.S. Embassy contains a CIA station. The only news here is that the Frankfurt consulate is named as a center for information-security activities.
Impact and what you can do: Nothing for the average consumer, but the instructions for CIA operatives on how to adjust to life in Germany are a good read for any tourist.
Allegation: The CIA uses antivirus software, along with other kinds of software, as "decoys" to provide cover for its hacking activities.
Reality: Not surprising. The report says legitimate software is used as part of the CIA's "Fine Dining" program (possibly a SpongeBob SquarePants reference) to infiltrate computer systems not connected to the internet. Criminals use hacked versions of real software all the time. It's not clear whether the antivirus software itself is altered by the CIA, or whether the software runs unaltered in the foreground while more nefarious deeds happen in the background.
Impact and what you can do: Be wary of antivirus warnings that pop up when you’re browsing online. They’re probably not from the CIA, but instead from criminals and tech-support scammers who want you to pay for malware protection that doesn’t work.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.