WikiLeaks Part 2 - CIA malware targets iPhone, Android, smart TVs

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation). The DDI is one of the five major directorates of the CIA (see this organizational chart of the CIA for more details).

The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.

The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.

The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.

Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.