Wikileaks has released Vault 7, the first part of a series of leaks that together comprise the largest leak of secret CIA documents ever. The data Wikileaks obtained was taken from the CIA’s Center for Cyber Intelligence. The leaks revealed that, as of 2016, the CIA was using at least 26 “weaponized” zero days and techniques, developed by the NSA and the UK’s GCHQ, which target the Android operating system. In its press release, Wikileaks stated: “These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.”
Many news organizations erroneously reported that the encryption in Signal and other apps had been cracked, which is not true. The New York Times was one of the many media organizations that took Wikileaks’ mention of Signal in the press release out of context. It ended up removing a misleading tweet it had posted and apologized for the error.
The fact that intelligence agencies like the CIA and NSA have to resort to targeting and compromising individual phones in order to gain access to messages and other data protected by encrypted apps like Signal is proof that the encryption in these apps actually works. “I feel like this is actually good news. Confirmation that e2e [end-to-end encryption] in WhatsApp [and Signal] has pushed intelligence agencies from a world of undetectable mass surveillance to a world where they have to use high-risk, expensive, targeted attacks,” Moxie Marlinspike, creator and developer of Signal and the encryption technology behind WhatsApp, said in a Slack chat.
The Vault 7 leaks also show that the CIA is not just hacking mobile devices that run Android. The leaks show that the agency also has many zero days which target Apple’s iOS. The CIA even has a special unit, called the Mobile Development Branch, which creates malware targeting devices running iOS. Less than 15% of mobile devices run iOS, but the agency may be interested in hacking these devices because of their popularity with elite politicians, celebrities, and businessmen. As of 2016, the CIA had at least 14 exploits targeting various versions of iOS.
During an online press conference held by Wikileaks a few days after the release of Vault 7, Julian Assange told reporters that Wikileaks had also obtained many of the exploits exposed in Vault 7, but had no plans to release them at this time. Assange stated that the organization’s intent is to work with tech companies, such as Google and Apple, to help them patch their operating systems and software, so that they would no longer be vulnerable to the CIA’s exploits.
Vault 7 also includes information on the CIA’s ability to hack smart TVs and cars. The leaks also confirm that the CIA uses malware developed in other countries, such as Russia. Using such malware allows the CIA to conduct cyber attacks that appear attributable to other countries. Wikileaks is expected to publish more leaks from the CIA in the near future.