THIS week’s WikiLeaks release shows it’s possible to bug phones, computers, TVs and even cars, making it more important than ever to stay on top of your security.
Experts have warned that CIA hacking information obtained by WikiLeaks, if released, could be used by criminals and hackers to unlock people’s devices.
Professor of computer science, Steven Bellovin at Columbia University, said it would be of serious concern for ordinary internet users because the CIA hack could provide a “buffet of bugs for low-end hackers to draw upon”.
Europol chief Rob Wainwright told AP the leak could fuel an increase in cybercriminal activity and Curtin University cyber security expert Mihai Lazarescu said criminal groups would be trying to access code to unlock the CIA’s “cyberweapons”.
WikiLeaks was allegedly given codes that expose how US spies can remotely hack and control smartphones, computers, TVs and vehicles.
WikiLeaks has not released this code, but founder Julian Assange has said he would work with tech companies to develop fixes for them.
It has been revealed that the CIA allegedly developed malware to infect Apple devices, as well as Android phones. CIA also had techniques for bypassing encryption of secretive messaging apps WhatsApp, Signal, Telegram, Weibo, Confide and Clockman.
WikiLeaks has published thousands of documents highlighting how the CIA code can be used, and that it cannot be controlled.
“Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike,” a WikiLeaks statement said.
But well-known cybersecurity expert Rob Graham told news.com.au that much of the sting is removed once code is publicly known, because companies can develop patches for them.
“As soon as any ‘low-end’ hackers get a hold of them, vendors will fix their software and offer patches,” he said.
“As long as users keep their stuff up-to-date (including devices like their TVs) they’ll be fine.”
But Associate Professor Lazarescu said these fixes would not reach everyone.
“There’s no guarantee everyone will deploy the fix, or that everyone knows how to do it well,” he said.
“We can’t expect everyone to do everything they’re supposed to do. Some people ignore patches or fixes.”
Prof Lazarescu said this would give criminal groups a foothold to target individuals.
“It depends on what you have on your mobile phone,” he said. “You may have photos but there’s other information that people store on your mobile such as passport or PIN numbers.”
While WikiLeaks has said it would share the information it had with companies like Apple or Samsung so they can fix the holes in their systems, Prof Lazarescu said those leaking the information were “completely irresponsible” and should be punished.
The revelations mean fixes will be developed to patch security flaws, but Mr Graham said he didn’t think WikiLeaks had necessarily done the public a favour.
“No, I don’t think WikiLeaks has done the American public a favour,” he said.
But those outside the US could be welcoming the hack as the CIA’s operations target foreign individuals as it is illegal for the agency to spy on US citizens.
“I’m pretty sure the rest of the world outside the US, being potentially spied upon by the CIA, would consider this a favour,” Mr Graham said. source