Wikileaks released the password to vault7 unlocking a whole slew of 0-day exploits used by the CIA on modern electronic devices such as Iphones, Androids, Windows and Linux OSes as well as Smart TVs.
To read this article you need to have the Wikileaks files downloaded and replace my windows user id “magma” with your own user id if you are using windows.
“file:///C:/Users/Userid/Downloads/WikiLeaks-Year-Zero-2017-v1/year0/vault7/cms/index.html” as an example.
Alternatively, you can take keywords you find in this article and search CTRL + F inside the Wikileaks index document.
The data dump “includes software that could allow people to take control of the most popular consumer electronics products used today,” claimed WikiLeaks.
“‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones,” the whistleblower organisation said in a press release.
This is the largest publication of confidential documents on the CIA in history Wikileaks further noted that today’s release is much larger then Snowden’s release.
In one portion of the release is a program called “Weeping Angel.”
Weeping Angel is the codename that was used by the CIA for hacking smart tvs turning them into “covert microphones” one document explains what a user might do with “Weeping Angel.”
This confirms what CIA Director David Petraeus once said about spying on us through our toaster, vacuum cleaner, washing machine, dishwasher and TV in an old wired article.
It’s not so crazy after all.
As an anonymous hacker once told me who alleged to be a part of the infamous Lulzsec “nothing is secure with a motherboard circuits and a processor everything with a computer chip can be exploited and hacked.”
Weeping Angel — Things you might do
-
Extract browser credentials or history
-
Extract WPA/WiFi credentials
-
Insert Root CA cert to facilitate MitM of browser, remote access, or Adobe application
-
Investigate the Remote Access feature
-
Investigate any listening ports & their respective services
-
Attempt to override /etc/hosts for blocking Samsung updates without DNS query and
iptables
(referred to by SamyGo)
-
Add
ntpclient
update calls to startup scripts to sync implant’s system time for accurate audio collection timestamps
There is also a section dedicated to various programs for exploiting mobile IOS and Android apps as well as the operating systems themselves.
WikiLeaks' #Vault7 reveals numerous CIA 'zero day' vulnerabilities in Android phones https://t.co/yHg7AtX5gg pic.twitter.com/g6xpPYly9T
— WikiLeaks (@wikileaks) March 7, 2017
The CIA even has the ability to bypass encrypted apps like – WhatsApp, Signal, Telegram, Wiebo, Confide, and Clockman.
The smartphones would be hacked first, and then audio and message traffic was collected before encryption was applied through the apps.
Another section in the release is dedicated to bypassing Antivirus software that the CIA calls PSP or Personal Security Products.
Those personal security products that have exploits include –
|
PSPs vs. DLL Injection SECRET
|
Security researchers are already a buzz on Twitter claiming all sorts of things about what the files show Kim Dotcom a good friend of many at WRC has alleged that the files show that the CIA could even use windows’ update a fake process, payload or DNS resolvers and air gap viruses to hack Windows users pcs if true this is massive for the infosec community.
WikiLeaks #Vault7 reveals CIA 'zero days' vulnerabilities Windows, CIA air-gap jumping viruses pic.twitter.com/Wy2yiBE83P
— WikiLeaks (@wikileaks) March 7, 2017
The CIA was also looking at infecting vehicle control systems Julian Assange noted that such control could allow the CIA to covertly commit assassinations Michael Hastings anyone?
“In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency,” the release said. “The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”
The whistleblower who leaked the data said he wanted to start a conversation about if the CIA has become far too powerful for its own good what do you think? Let us know in the comment section below!
The post Wikileaks Vault7 Reveals CIA Can Spy On You Through Your TV, Smart Phone And Much More appeared first on We Are Change.
from We Are Change https://wearechange.org/wikileaks-vault7-reveals-cia-can-spy-tv-smart-phone-much/
No comments:
Post a Comment