When people camp out for the latest technology, they may be getting more than they bargained for. The latests releases from WikiLeaks, known as “Vault 7,” allege that the CIA may be hacking personal devices to spy on consumers. Apple has adapted its servers to ensure the security of customers.
A major cause of concern after the 9,000 pages of documents were released was the notion that the government could bypass encryption apps like What’sApp and Signal, applications that are designed for encrypted private chats.The official Twitter page for WikiLeaks sent out a Tweet hinting that the CIA successfully compromised these popular apps.
They didn’t. Nothing within the leaked documents suggests that those applications were compromised in any way. The software used by these apps is completely secure, not even the companies providing the service can see data when it’s passed between two cell phones.
Cell phones and other personal devices, however, are not as hard to hack into. The documents claim that the CIA can hack into smartphones, an act typically reserved for nation-state agents. This would allow the hackers total access to the contents of the phone, including messages, the camera, and the microphone.
The Vault 7 documents state that Samsung smart televisions may be compromised. According to the leak, the televisions can have a “false off,” meaning that a microphone may be recording when the consumer believes the television to be off. This is similar to information provided by whistleblower Edward Snowden regarding the privacy of cellphones and other personal devices.
While the CIA is still scrambling to do damage control and find the source while reporters are still working out the fine print on the released documents, it’s understandable that citizen consumers may be panicking.
While panic may not be necessary, citizens can still take steps to ensure their privacy on the internet.
Dr. Connie Justice, associate professor of Computer and Information Technology at IUPUI, suggests staying vigilant about what you post, search online, and who you give your information to.
“Remember anything that has a network connection has the potential of being surveilled,” Justice said.
Justice also suggests keeping your smartphone and any other digital device up to date on security patches, and to use anonymous browsing, as well as using “at least two factor authentication.”
That’s where DUO steps in. Introduced to IUPUI’s campus this year, DUO serves as a two factor authentication system meant to protect students from data breaches.
Daniel Calarco, Chief of Staff at Information and Technology Services at Indiana University, argues that DUO is an effective form of security for students, staff, and faculty.
“It combines what you already have, knowledge based factors, which are usernames and passwords, and it adds another step,” Calarco said.
The other step includes setting up your smartphone to your account, which sends a “push” notification to your phone which must be verified to log into your account. Those without a smartphone receive a token, which provides the user with a code to complete the login process.
“Even if a bad actor manages to compromise one part of the process,” Calarco said, “that is not enough to access data.”
The DUO service protects student information such as financial information, Box accounts, and Google Drive files, among other things. While it just became a requirement for students, the program has been in use for nearly 20 years by the University.
It may be too early to identify the full implications of the Vault 7 documents. While the CIA can neither prove nor disprove at this time if the person responsible for the leak of information was an operative, there remains a large portion of the released documents that need to be carefully read through and examined to determine the level of overreach, if any, that was committed by the CIA.
In the meantime, while WikiLeaks founder Julian Assange argues that this leak is proof that the CIA has “lost control of its arsenal,” there are steps that consumers can take to ensure their cybersecurity and privacy.