CIA able to bypass encryption on several popular messaging apps
Hello, I am digicrypt and thank you for checking out this post. My blog focuses on a variety of crypto/infosec topics but recently I have been running a series on cryptology. Yesterday I made a post concerning Wikileaks release of an encrypted file and the expected release of the passphrase to unlock it. Today's release by Wikileaks dubbed "Vault 7" is one of the largest "data dumps" ever.
"we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks."
There is no doubt that millions of people will be going through these documents in the coming weeks, finding all sorts of interesting information. I however want to go over a few pieces of info regarding the CIA's ability bypass the encryption of several encrypted messaging apps.
The documents contain a variety of "hacking tools" and exploits used by the CIA to collect information. Notable targets of these exploits include...
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones."
Incase you are unaware of the meaning of "Zero Day"
"A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.[1] It is known as a "zero-day" because it is not publicly reported or announced before becoming active, leaving the software's author with zero days in which to create patches or advise workarounds to mitigate its actions."
I want to focus on the targeting of phones for the purpose of this article.
"The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone."
Iphones were disproportionately targeted. One possible explanation is the phones popularity with high profile individuals.
"Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads".
Android devices were also targeted.
"A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors."
These techniques allow the CIA to bypass the encryption of several popular messaging apps because they are able to hack the phones the apps are run on and read the message before the encryption process takes place.
The following apps were listed by wikileaks as being subject to exploitation...
- Signal
- Telegram
- Wiebo
- Confide
- Cloakman
Important ( The encryption methodologies are rendered useless because the device itself,running the app has been "taken over")
These apps have been used by whistle blowers and sources who believe they are protecting their privacy.
The agency also has the ability to turn on a phones camera and microphone to record surveillance without the user's knowledge.
Sources:
https://wikileaks.org/ciav7p1/
https://en.wikipedia.org/wiki/Zero-day_(computing)
I will be doing another post about Vault 7 and digital forensics, let me know what you thought about this article and if there is anything else you would like me to do a post on.
Please upvote and resteem if you found this post interesting!
Follow my blog @digicrypt if you want to learn more!
If you would like to donate to support my blog further you can use either of the addresses below
DASH: XgQ9NBonMoCPKhF37agY4W8zk7gwQFnwGV
Ether: XE04RO3I0QA5UKB31OZK4O3CK3TOT03R4TM
Digicrypt,
Signing off
@digicrypt, your post has been chosen by @STEEMNEWS.ONLINE as one of today's promoted posts for its excellent content. We've upvoted, resteemed and published it through Facebook & Twitter.
As the author of a SNO featured article, you've been awarded one TRAIL coin. Please stop by the SteemTrail Discord server to learn more about how to claim your TRAIL coin. You will need an Open Ledger account to do so.
STEEMNEWS.ONLINE is the @SteemTrail for #news and watches the #steemnews tag most closely. Please consider supporting excellent news articles by making steemnews.online one of your operators on Streemian, in addition to steemtrail.
Thank you for your hard work and contribution of excellent content to Steemit.
If you would rather not be promoted by STEEMNEWS.ONLINE, please inform us by replying to this comment and we will honor your request.
Thank you
These days, if your mobile phone isn't turned off with the battery taken out, or placed inside a RF-shielded box where it can't get a signal... there is no guarantee that it isn't listening in on you. Thanks CIA/NSA!
That is correct.Not only your phone but virtually any "smart"device with an internet connection. The datadump goes on to explain how TVs can be turned into spying devices as well. I might try and do a more in depth article when I get the time to do the research.
I have a question: are you an expert on encryption? How does the revelation of this information affect trust in bitcoin encryption, if at all? I forsee this becoming an issue of concern tomorrow or the next day. If you are well versed in this, are you interested in an interview on my channel? I believe this will be a very important concern for the bitcoin community soon and it would be nice to have something out there that people could refer to.
Hey shayne, thanks for the comment. I do not claim to be an "expert" I would say I have a working knowledge of cryptology however, there are a lot of people out there who are much smarter than I am and are actual experts in the field, especially as it applies to bitcoin. Someone like Andreas Antonopoulos comes to mind. That being said I do have some thoughts on the matter and would be happy to discuss them further with you if you like. Also keep in mind there were over 8,000 documents released with more on the way, it will take some time to have a full picture of the consequences of the information and the extent of the capability of the CIA.
Indeed.
Well, I appreciate your response. Andreas is hard to get for an interview -- he's a busy guy and a big world traveler. Can I say that we'll be in touch?
Here is my email digicrypt@protonmail.com