Powerful surveillance tools once held deep inside the CIA are designed to turn any connected device — smart TVs, phones, routers, and — increasingly — cars, into tools to spy on their owners, WikiLeaks claimed this week.
The tools are designed to bypass popular encryption tools like Signal and Telegram.
It isn’t a surprise that a vast intelligence agency has the means to carry out invasive, sophisticated surveillance — and it’s hard to imagine why the CIA would bother to spy on most of us, anyway.
But, alarmingly,WikiLeaks claims that the CIA recently lost control of most of its “hacking arsenal.”
“This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA,” the media release says.
The claim cannot be verified, but it has serious implications.
A physical weapon can be controlled, and potentially recovered if it’s lost or stolen.
But a cyberweapon, which can consist only of code, can be copied and recopied, sold and resold, used by hostile governments, criminals and hackers. It’s not hard to imagine it being published publicly, as the Ashley Madison dating site data was.
READ: WikiLeaks will work with tech companies to deal with alleged CIA hacking, Julian Assange says
What can ordinary people do? Minimize “unnecessary digital connection,” says former Ontario privacy commissioner Ann Cavoukian. The more points of connection, the more points of vulnerability.
“We all live online, but in areas where you don’t really have to have it, I would say, think twice. Beware of all things smart, in terms of TVs and smart fridges and all that kind of stuff.”
Infected Samsung smart TVs, one leaked CIA document says, can be given a “fake off” mode that lets them operate as surveillance devices even when they appear to be off.
“If you have a Samsung TV, disconnect it from the Internet,” Cavoukian says. “Just watch it like a regular TV. If you really care, unplug the thing when you go to bed.”
WATCH: ‘There are some bad people in the world who have Samsung TVs’: Ex-CIA director
READ: WikiLeaks CIA hacking claims: Here’s what you need to know
And most worrying, one leaked document refers to taking control of vehicle systems, which, WikiLeaks points out, “would permit the CIA to engage in nearly undetectable assassinations.”
(Hackers have taken control of Internet-connected cars in proof-of-concept demonstrations, but as far as is known, nobody has so far been harmed.)
“It’s not just a privacy issue,” Cavoukian says. “It’s a public safety issue.”
“I’ve been telling people for years to beware of the consequences of allegedly smart devices,” she says. “You don’t know where the information collected is going, how broadly it’s being shared, what third parties are accessing the data.”
The CIA has so far declined to comment directly on the authenticity of the leak, but in a statement issued Wednesday it said such releases are damaging because they equip adversaries “with tools and information to do us harm.”
— With files from The Associated Press