By now most people have heard about the WikiLeaks revelation that the CIA has for years been developing programs to break into iPhones, Droids and Samsung TV’s. Assuming you don’t want them to do that, it turns out there are ways to keep them out of your house.
First, the background. WikiLeaks is the infamous source of supposedly secret data managed by a consortium and led by Julian Assange (who is currently living in Ecuador’s embassy in London to avoid extradition). On Tuesday, WikiLeaks released thousands of pages of data supposedly lost by the CIA (and hence floating around the less public areas of the internet). These include programs for hacking Skype, your Wi-Fi router, Apple and Android smartphones, the apps Signal, Whatsapp, Telegram and more — several millions lines of code (computer programming). So far crucial bits of the code have been redacted by WikiLeaks to prevent it from being used by those who download the files.
But what if you think there’s no reason for the CIA to be snooping on your devices? Unfortunately, WikiLeaks released these files because they were floating around “in the wild” already, which means that not only the CIA but other folks have access to them. And, whatever you think of the CIA, we have no assurance that the outsiders who passed these files around have motives as “pure” as the CIA’s.
There’s been some discussion about whether these files are authentic, but betting in the security community is that they are. Bruce Schneier, who I consider to be a reliable judge of such things, seems to believe they are real and has discussed the topic on his blog twice now:
What you can do
Can you do anything to protect yourself against these tools? Probably, yes. The New York Times had an article on Thursday detailing simple steps you can take to make your devices somewhat more secure. The primary thing is to keep your operating system up to date. This is not news, of course — we in the C&IT Security/Privacy team have been saying this for years.
Make sure your iPhone is using iOS 10 if it can (any iPhone with a model number of 5 or above and any iPad younger than 2013 can run this OS).
For Android devices, (both phones and tablets) any version of the Android OS after version 4.0 should be safe, but older devices such as the Samsung Galaxy S3 won’t run it.
To protect your Wi-Fi router, you are advised to upgrade to the latest firmware, but this is rather trickier to do unless you are comfortable logging in to your router, but you can probably get your internet service provider’s help desk to talk you through the task.
Unfortunately it doesn’t seem so easy to lock your Samsung SmartTV down. Of course, you can always unplug it when you’re not watching it1, although then you have to wait for it to boot up before you can head over to Amazon to watch Mozart in the Jungle or whatever your favorite online streamed program happens to be.
1 Just turning the TV off with your remote does not turn it off. It’s still in listening mode and a malicious hacker can also turn on the camera — yes SmartTV’s have cameras. So watch the hanky-panky in front of your TV — someone may be watching.