Apple says many of its devices that have the latest iOS update should be protected from the CIA’s secret hacking program revealed in WikiLeaks’ “Vault7” publication on Tuesday.
The WikiLeaks document dump shined a light on CIA use of malware that can bypass encryption protection in a wide range of devices, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs.
In its accompanying press release, WikiLeaks explained: “a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.”
Apple suggested that the solution to protecting devices from any such hacks is to do what the company always stresses its customers to do: stay current with security updates.
Subscribe today to get intelligence and analysis on defense and national security issues in your Inbox each weekday morning from veteran journalists Jamie McIntyre and Jacqueline Klimas.
Sorry, there was a problem processing your email signup. Please try again later.
Thank you for signing up for the Daily on Defense newsletter. You should receive your first issue soon!
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” an Apple spokesman said in a statement. “We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
The spokesman noted that nearly 80 percent of Apple product users are running the latest version of their operating system.
Apple faced a legal battle last year when the FBI sought its help in breaking into the iPhone 5c used by terrorists in the San Bernardino, Calif., attack in 2015. The FBI ended up paying hackers figure out how to break into an Apple iPhone, but the hack was only applicable to the iPhone 5c and iOS operating system, and not the current lineup of iPhone 7s.
The bureau effectively used cybermercenaries, according to unnamed sources quoted by the Washington Post, to figure out how to break into the iPhone 5c used by terrorists in San Bernardino, Calif. It did not use the Israeli tech firm Cellebrite, as analysts had generally believed.
The Vault7 publication of CIA documents covers a period of time from 2013 to 2016. The latest iOS update, 10.2.1, was released on Jan. 23.
Some of the other companies whose products were mentioned in CIA documents also commented on the potential security threat to their devices.
Google put out a statement late Wednesday that was similar to Apple’s, touting confidence in its security updates for its Chrome web browser and Android phones.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” Heather Adkins, Google’s director of information security and privacy, said in a statement. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses,”
WikiLeaks revealed a CIA project called “Weeping Angel,” which turns smart TVs into covert microphones. In regards hacking into the Samsung smart TV, specifically the F8000 model, the spy agency worked with the United Kingdom’s MI5/BTSS, to create a “fake off” mode that allowed secret recording of conversations in the room.
Samsung responded to the WikiLeaks dump by saying the company is “urgently looking into the matter.”
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” the company said, according to the BBC. “We are aware of the report in question and are urgently looking into the matter.”
Microsoft also said it is looking into the WikiLeaks report.