These carried claims that the CIA had developed ways to listen in on smartphone and smart TV microphones.
The CIA, FBI and White House have declined to comment on the authenticity of the files leaked on March 7.
On March 8, CIA officials – who spoke on the condition of anonymity – told media that the criminal investigation was looking into how the files came into WikiLeaks’ possession.
The CIA has not confirmed whether the documents – said to date between 2013 to 2016 – are real.
Several of the tech companies whose products have been allegedly compromised by the CIA gave their first reactions on March 8.
Apple said it had already addressed some of the vulnerabilities.
“The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way,” it said.
Samsung – whose F8000 series of TVs was reportedly compromised – said that “protecting consumers’ privacy and the security of our devices is a top priority at Samsung”.
“We are aware of the report and are looking into it,” a spokesman from Microsoft said.
Google has also reacted to claims that the CIA was able to “penetrate, infest and control” Android phones due to its discovery and acquisition of “zero day” bugs – previously unknown flaws in the operating system’s code.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” the company told the news site Recode.
“Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”
The World Wide Web Foundation – which campaigns for internet privacy – said the US government needed to issue a detailed response.
Details of what it is thought to be wide-ranging hacking tools used by the CIA have been published by WikiLeaks.
According to the documents, the alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers.
Some of the software is reported to have been developed in-house, but the UK’s MI5 agency is said to have helped build a spyware attack for Samsung TVs.
A spokesman for the CIA would not confirm the details.
He said: “We do not comment on the authenticity or content of purported intelligence documents.”
WikiLeaks said that its source had shared the details with it to prompt a debate into whether the CIA’s hacking capabilities had exceeded its mandated powers.
According to documents dated June 2014, the effort to compromise Samsung’s F8000 range of smart TVs was codenamed Weeping Angel.
They describe the creation of a “fake-off” mode, designed to fool users into believing that their screens had been switched off.
Image source Wikimedia
Instead, the documents indicate, infected sets were made to covertly record audio, which would later be transferred over the internet to CIA computer servers once the TVs were fully switched back on, allowing their Wi-Fi links to re-establish.
Under a “future work” section, it is suggested that video snapshots might also be taken and the Wi-Fi limitation be overcome.
Samsung has not commented on the allegations.
WikiLeaks also claims that as of 2016, the CIA has built up an arsenal of 24 Android “zero days” – the term given to previously unknown security flaws in code.
Some of these are said to have been discovered by the CIA, but others were allegedly obtained from the UK’s GCHQ agency as well as the NSA and unnamed third-parties.
Samsung, HTC and Sony devices, among others, were said to have been compromised as a result, allowing the CIA to read messages on Whatsapp, Signal, Telegram and Weibo among other chat services.
It is also claimed that a specialized CIA unit was set up to target iPhones and iPads, allowing the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.
The CIA unit is also reported to have made use of further iOS “zero days” obtained from GCHQ, the NSA and FBI.
Other claims say the CIA:
was trying to find ways to infect vehicles’ computer control systems. WikiLeaks claims these might have been used for undetectable assassinations.
had found ways to infect “air-gapped” computers – machines that are not linked up to the internet or other insecure networks. Methods are said to have included hiding data in images or hidden parts of computer storage.
had developed attacks against popular anti-virus products
had built up a library of hacking techniques “stolen” from malware developed in Russia and elsewhere
WikiLeaks describes its release as the first in a series of planned leaks about the CIA’s cyber-activities, which it refers to as Vault 7.
The material had already circulated among hackers who used to work for the US government as well as contractors in an unauthorized manner.
This website has updated its privacy policy in compliance with EU GDPR 2016/679. Please read this to review the updates about which personal data we collect on our site. By continuing to use this site, you are agreeing to our updated policy. AcceptRejectRead More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.