Security advocates may have a better understanding of the scope of hacking initiatives undertaken by the U.S. Central Intelligence Agency, thanks to a massive new leak of allegedly classified documents from WikiLeaks, suggesting that the CIA paid to obtain zero-day exploits in software.
Some 9,000 pages of documents dubbed “Vault 7” are said to be an overview of hacking techniques employed by the CIA. While most of the methods unsurprisingly target smartphones running Google’s Android platform and Apple’s iOS, some of the efforts focus on devices like Samsung smart TVs and even cars.
Of particular interest is the fact that the CIA — at least as of late 2015 and early 2016, the period to which the leaks apply — relied on a large number of so-called “zero-day” attacks. Zero-day exploits are named as such because they refer to software flaws that are unknown to the vendor, allowing hackers to take advantage of them before they can be patched.
Under President Obama, the White House declared that the government would help disclose and patch security vulnerabilities as they are discovered.
But the WikiLeaks documents would suggest instead that law enforcement have been paying for and utilizing zero-day exploits in large numbers, with no apparent efforts to help fix them.
The paid zero-day exploits stood out among the leaks to Edward Snowden, the former CIA employee and U.S. government contractor who leaked classified information from the National Security Agency in 2013. In Snowden’s view, the documents are evidence that the government is “secretly paying to keep U.S. software unsafe.”
“Why is this dangerous?” Snowden tweeted Tuesday afternoon. “Because until closed, any hacker can use the security hole the CIA left open to break into any iPhone in the world.”
Still, most of the exploits listed in the data dump are largely outdated, experts who spoke with Wired indicated. The WikiLeaks files, instead, give outsiders an idea of the scope of the CIA’s hacking efforts, and the length to which it is willing to go to obtain information.
The files describe a number of CIA programs aimed at remotely hacking mobile and household devices, including using Samsung smart TVs as remote listening devices — theoretically allowing law enforcement to listen in on private conversations within a person’s house without their knowledge.
“Imagine a world where the actual CIA spends its time figuring out how to spy on you through your TV,” Snowden wrote. “That’s today.”