Understanding CIA Hacking and What it Means for You

Wikileaks and CIA Hacking

Earlier this week Wikileaks released “Vault 7”, a massive trove of information about CIA hacking activities, raising fears about big brother surveillance programs and sending computer security experts in search of antacid medication.

Here’s are the most important takeaways:

One: The CIA Did Not Break Encryption

Encryption algorithms are highly mathematical complexities involving very large prime numbers. In fact, if you want to take your head for a spin do a little casual background reading on Triple DES.

As far as is known from this particular cache of documents, encryption is still a strong lock on your data. In fact, the The Electronic Frontier Foundation backed this fact up in a recent statement on the hacks:

“While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.

The worst thing that could happen is for users to lose faith in encryption-enabled tools and stop using them.”

Two: Keep Your Devices Updated

The documents describe the exploitation of known software vulnerabilities, particularly in Android and iPhone devices. These are known in the computer security field as “zero day attacks.”

As soon as these vulnerabilities are known to the software manufacturers, they race to write code to patch the hole. Normally, they discover the vulnerability before the public does. The term “zero day” means that the exploitation is not previously known, so the software people have zero days to fix the situation before it is known.

Because manufacturers are constantly releasing security fixes, it is absolute MADNESS not to keep your devices up to date. Take this news as an excuse to make sure that you update your devices early and often, and keep the CIA and everyone else who wants to hack you at bay.

Three: Beware the Internet of Things (IoT)

As we as a society have raced to connect Alexa, Google Home, Smart TVs, and every last doohickey in our homes to our WiFi routers, we seem to have overlooked the inconvenient truth that many of these have microphones and/or cameras.

Here’s the result: the CIA engineered an Orwellian tool called “Weeping Angel” that allows your Samsung TV, when you think it’s turned off, to listen to you and upload the conversation to their servers.

Theoretically, any of your voice-activated digital assistants or any microphone-connected devices could do the same.

Right now, there’s really nothing you can do about it until the IoT community gets together and develops better safety standards. Until then, the super-careful among us should unplug these devices when not in use, and not trust them to be “turned off”.

The post Understanding CIA Hacking and What it Means for You appeared first on Legal Productivity.

Original Source File