The series of documents leaked by WikiLeaks against CIA is reported to have made use of previously unknown flaws in Apple’s iOS operating system.
Over this issue, several of the tech firms whose products have been allegedly compromised by the CIA have given their first reactions to the claims.
Tech majors like Apple and Samsung, which have been the subject of scrutiny following the WikiLeaks expose, have responded to claims that their operating systems could be open to vulnerabilities.
Apple claimed the problem was already patched in the latest iOS, “we will continue work to rapidly address any identified vulnerabilities”. It said the technology built into the iPhone is the best data security available to consumers and Apple is “constantly working to keep it that way”.
Apple added that the nearly 80% of their users have been running the latest technology into the operating system because of their quick security updates.
Thousands of documents published by WikiLeaks included allegations that CIA had developed ways to listen and record conversations near smartphone and smart TV microphones like that of Samsung mart TVS.
Samsung, whose F8000 series smart televisions was reportedly compromised via a USB connection-based hack co-developed with the UK’s MI5 agency, said protecting consumers’ privacy and the security of devices is a top priority and that the company will be looking into the matter urgently.
The leaks claimed CIA had worked with British intelligence agencies to create a ‘Fake Off’ mode for the smart televisions which could be used to spy on the users.
The leaks also claimed that the CIA had created malware to target PCs running Microsoft’s Windows operating system, on which the company said that it was investigating into the issue. On reports that the CIA had created “attack and control systems” that could hijack computers powered by Linux-based software, The Linux Foundation CTO Nicko van Someren told BBC that the “rapid release cycles” have helped the open source community to fix vulnerabilities and release them faster to end users.
The worst-hit, Google declined to comment on allegations that CIA was able to “penetrate, infest and control” Android phones due to its discovery and acquisition of “zero-day” bugs – previously unknown flaws in the operating system’s code.
Another messaging app, Telegram also issued a statement saying that the issue doesn’t apply to their individual app, but rather to the smartphone software itself because encryption of the app doesn’t ensure data security if the device is compromised at a root kernel level. While Telegram has faced criticism in the past over its security claims, it does have a point. It goes onto say in its post that device and OS manufacturers, like Apple, Google, or Samsung need to fix the problems.
Meanwhile another messaging app called Signal has also found mention in the leaks but it has pointed out that the app was not compromised. Signal incidentally uses the Open Whisper System protocol for encryption which is used by bot WhatsApp and Facebook Messenger.
The World Wide Web Foundation- which campaigns for internet privacy – said the US government needed to issue a detailed response.
“Weaponising everyday products such as TVs and smartphones – and failing to disclose vulnerabilities to manufacturers – is dangerous and short-sighted,” said www Foundation, adding that if these assertions prove true, “we will call on the Trump administration and other governments to stamp out such practices.”