This has been a dark week in the world of technology, with WikiLeaks’ mammoth ‘Vault 7’ document release making for some deeply unpleasant reading.
The 8,761 files published by the whistle-blowing organisation allegedly came straight from the CIA, which is believed to have been using a variety of hacking methods to secretly spy on people through their electronic devices.
The agency is also said to be capable of pinning the blame for cyber attacks on other countries.
WikiLeaks is set to follow this up by publishing the redacted details of all of the CIA’s cyber weapons, but will give technology companies initial exclusive access to them, to prepare themselves against hackers.
Fortunately, there are also a number of simple steps that ordinary people can take to protect themselves, without going off-grid.
1. Update your phoneThe agency was able to remotely control and monitor phone activity, both on Android and iOS, according to the WikiLeaks documents. Both Apple and Google have said that they’ve addressed “many” of the vulnerabilities allegedly exploited by the CIA.
The best thing users can do is update to the latest available version of their phone’s operating system, as this provides the highest level of protection. Apple and Google have pledged to fix any remaining flaws, so you can expect more software updates to become available in the near future.
2. Check your TV‘Weeping Angel’ is one of the most chilling revelations of them all, allowing the CIA to turn smart TVs into covert microphones, according to WikiLeaks. The attack, which is said to have been developed alongside the MI5, enabled agents to infiltrate TVs and make them appear to be turned off.
In this ‘Fake Off’ state, they could listen in on everything that people were saying around them, and send the recordings to a CIA server over a web connection.
Only a select group of Samsung models are reported to be vulnerable to the hack. These are: UNES8000F, E8000GF plasma, UNES7550F, UNF8000 series, F8500 plasma, UNF7500 series and UNF7000 series. Even then, they have to be running old firmware, such as versions versions 1111, 1112 or 1116.
It’s also understood that a CIA agent would have had to have physical access to a TV in order to carry out the Weeping Angel hack, but you can ensure it’s not been tampered with by switching your set off and checking the back of it for a blue LED.
You can see which firmware version your TV is running by going to the main menu, choosing support and then software update. From here, you can update to the secure version 1118.
3. Stop using Internet ExplorerA short section in the Vault 7 leaks says that the CIA used a “very simple technique” to steal passwords saved by Internet Explorer.
Microsoft ended support for Internet Explorer 8, 9 and 10 over a year ago, meaning that only version 11 receives security updates from the company. The browser has no future though, with IE11 confirmed as the final iteration, and Microsoft itself recommends that users choose alternatives.
Edge is the default browser on the latest versions of Windows, with Chrome and Firefox its main competitors, and all three are better to use than Internet Explorer. What’s more, Google says that Chrome has already fixed most of the vulnerabilities the CIA was allegedly capable of taking advantage of.
4. Don’t rely on antivirusThe Vault 7 documents say that antivirus programs were hoodwinked by the CIA, which used a variety of techniques and tricks to bypass them. Often seen as the ultimate safety net by consumers, even they can't stand up to the CIA.
“CIA hackers developed successful attacks against most well known anti-virus programs,” according to WikiLeaks. “These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance.”
21 separate security products are listed in the leak, including: Avast, AVG, Avira, Bitdefender, ClamAV, Comodo, DaRT, ESET, F-Secure, GDATA, Kaspersky, Malwarebytes, McAfee, Microsoft Security Essentials, Norton, Panda, Rising, Symantec, Trend Micro, Zemana Antilogger and Zone Alarm.
Most of the details have been redacted, but one of a handful of remaining sections reads, “F-Secure has generally been a lower tier product that causes us minimal difficulty. The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads. Two defeats are known to exist.”
5. Get serious about your dataThis is general good practice, but it’s more relevant than ever in the wake of the Vault 7 leaks. Take extra care with your data, only downloading the apps you really need to use.
The recent case of the Meitu app is a good one to consider. The light-hearted photo-editing app didn’t do very much, but demanded a disconcertingly huge number of permissions, including access to the phone’s contacts, messages, IMEI number and USB storage. All of this information was being to servers in China.
On the search side, DuckDuckGo, a privacy-focused search engine, is becoming an increasingly popular service for web users, who have lost faith in the traditional tech giants.
0 comments: