This could be a big hit for encryption, affecting millions that depend on end-to-end encryption for sending private messages
The New York Times is reporting that a newly released set of documents from Wikileaks is said to contain important details showing that the American Central Intelligence Agency had developed methods and technologies for hacking devices previously thought to have been secure.
According to their report, the yet to be confirmed leak that Wikileaks is calling Vault7 highlighted how the agency was able to break through encryption on smartphones, computers, and smart TVs.
Among the trove that has been leaked over the past hour were manuals on how the CIA utilizes malware to infect systems like Windows, Linux, and others.
Singled out here was the vulnerability of Android devices wherein it would appear that government hackers had found a way to access audio and message traffic before the point of encryption.
Essentially, instead of trying to break through the wall of strong encryption, the hackers have opted to go around the unprotected sides.
If these reports are proven to be accurate, it would undermine the public trust in apps that have become synonymous with privacy and security. Open Whisper System’s Signal app, whose technology has been transplanted into Whatsapp to provide end-to-end encryption, was noted as one of the apps that were affected. Also mentioned was the widely popular Telegram.
What is extremely frustrating here is the fact that the failure here is not on the individual app makers but on Google’s own design of Android. Leading the changes to plug this hole will likely be much more difficult than if the problem was simply a flaw with a single app maker.
Even worse, is the concern that after all the effort to get users onto end-to-end encrypted apps, this news could undermine it all. What folks need to remember is that encryption for your browsing and communications is not meant to protect you against well-resourced groups like the CIA, but more so against criminals or other bad actors that want to steal your info.
For all those iPhone owners out there, don’t start celebrating quite yet. Apple products are generally known to have better somewhat protections than Androids. However, it would be ill-advised to assume that the government has not put the effort into finding ways to crack your phones as well. After all of the noise that the Department of Justice made over trying to get Apple to open up Syed Farook’s phone, they eventually just paid their way to get inside.
At the end of the day, it is important to recognize that encryption, like any kind of defense, is a game of cat and mouse. For every wall that is put up, the attacker will find a smarter way to get through to the other side. This is how the game is played. We shouldn’t let news like this shake us and turn us away from using best practices. Between their purchases of Zero Day exploits and in-house talent from units like the Tailored Access Operations (TAO) units, we should expect that the CIA is doing its best to stay ahead of efforts to thwart its access into all the dark corners of the internet.
Moving forward with these new revelations, we are left with a couple of pressing questions. First, do these hacks mean that the government can simply scoop up data that was thought to be encrypted the same as the non-encrypted material, mass surveillance style? Or does it mean that they will still have to target you more directly and with these tools can just make easier work of it?
Copyright: budastock / 123RF Stock Photo
from e27 http://ift.tt/2mzp3Nl