The day before yesterday, WikiLeaks released thousands of top secret documents that reveal the CIA's computer hacking techniques, which would have the ability to fit into any iPhone, Android phone, Windows PC, Mac and Linux and even Smart TVs to spy on practically every person in this world. With the name Vault 7 or " Year Zero " is identified the global hacking operation carried out by the CIA, the American espionage agency, which secretly and without informing companies about the safety problems of their products, has exploited many bugs (called zero-day because not yet publicly known) of the most common software such as Windows, Android, iOS and others, to spy on users. Already now security experts, companies and non-profit organizations are still examining all the documents in the Vault 7 archive and already today Google and Apple have made it known that they have corrected all the bugs documented on their products.
Some of the documented attacks and malware are really powerful, which allow spies to remotely control the operating system "kernel", that is, its heart that controls the functioning of the smartphone, to obtain "root" access and capture all the information within it, including messages, location, contacts etc.
Below, we see a summary of what has transpired and which can be found written on the Ciagate documents disseminated by Wikileaks (and downloadable by following these links via Torrent, with this access password).
To understand what it means as published by Wikileaks, let's try to summarize the most important parts.
1) The CIA has not violated the encryption of Apps, but manages to bypass it thanks to root access on phones and account theft. the malware is therefore able to read private chats without breaking the encryption, bypassing the protection of applications such as WhatsApp, Signal, Telegram. Basically it is as if the CIA was sitting next to us on the train while we are writing a message or talking to someone. It doesn't matter, therefore, if the messages were encrypted during transmission and sending, because the malware manages to look inside the device even before any security measures come into play.
2) The CIA uses effective malware for all computers, not only Windows, but also Linux and MacOS, to spy on every PC remotely and see everything that is being done online, even if you remain hidden behind protected programs such as Tor Browser . Again it is not a Tor Browser problem which in itself remains a safe program, but it is the system that is vulnerable.
3) The CIA uses malware-modified versions of some of the most popular PC programs and applications to spy on its targets, using them from a USB stick. For example using modified versions of Chrome, VLC, Irfanview, Firefox, LibreOffice, Skype and others. In addition, the CIA has organized and collected all known malware codes and hacker tricks to be able to readapt them for their needs.
4) According to Vault 7, the CIA has worked desperately for years to try to overcome Apple's encryption. The documents describe how the CIA tried to find the keys to decrypt the data stored on Apple devices using different types of iOS vulnerabilities, which Apple has already claimed to have covered.
5) The CIA can access everything if it is connected to the internet thanks to IoT devices, Internet Of Things, i.e. wireless devices such as cameras, smart TVs, alarm systems, electrical outlets and so on. The IoT problem has been known for some time, because most of these devices are not updated with new patches and remain absolutely vulnerable to any attempt at remote espionage. The biggest problem, however, are Smart TVs, like those of Samsung, which, even if turned off, can be used to secretly record conversations in the room and send them via the Internet to a CIA server (it is clearly written that they use the Weeping Angel program) . In response to the CIA's WikiLeaks documents, Samsung has already released a statement saying it is already working to protect customer privacy.
7) This CIA scandal is of the same magnitude as Snowden's revelations about global control practiced by the other US agency, the NSA. While Snowden's revelations regarding the global surveillance of messages and phone calls around the world, CIA data so far show only the tools that may have been used for spying, but not the extent of this hacker activity.
There is, for now, no real evidence of mass surveillance on smartphones and computers in the leaked documents. Technologically, the NSA is far ahead of its technical skills than the CIA. Not to mention that today we are much more prepared to receive news of similar scandals than a few years ago, when we were much more naive.
All this only confirms the fact that online security does not exist .
You can take many precautions to surf the Internet safely online, you can install all the best antivirus, firewall and other programs to check if we are spied on, but in the end against unknown security bugs on operating systems it is impossible to protect yourself.
This also means that the best way to protect yourself is always to update systems and programs to the latest versions available and stop using programs that are no longer supported such as Vista, XP or Android phones older than at least version 5 or iPhones that no longer receive iOS updates.
