FYI.

This story is over 5 years old.

News

The CIA can access every app and message on your phone, according to WikiLeaks

Julian Assange and WikiLeaks have released a sprawling new set of documents that appear to detail the CIA’s powerful hacking tools — ones that are designed to access every app and message on your phone.

The data dump, code-named “Vault 7” by WikiLeaks, contains “8,761 documents and files from an isolated, high-security network” from CIA offices in Virginia. Though WikiLeaks has been accused of cooperating with Russian hackers to further the political agenda of President Donald Trump, the organization claims that Vault 7 has been “circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom” gave part of the archive to WikiLeaks.

Advertisement

The documents initially appear to be legitimate — famed NSA whistleblower Edward Snowden tweeted that Vault 7 “looks authentic.” But the CIA isn’t confirming anything. In a statement provided to VICE News, CIA spokesperson Heather Fritz Horniak said, “We do not comment on the authenticity or content of purported intelligence documents.”

The dump includes documents dated from 2013 through last year and details a wide variety of cybersurveillance and hacking programs. For example, the WikiLeaks documents appear to show that the CIA’s Engineering Development Group has built malware designed to target Android- and iOS-powered devices to circumvent the encryption of services like Signal and WhatsApp.

Another CIA program appears to target internet-connected devices with notoriously weak security standards, such as smart televisions. An initiative called Weeping Angels manipulates users’ TV remotes to cause the system to appear off when it’s really on.

In response to the WikiLeaks dumps, journalists and privacy advocates have stressed that it doesn’t appear the CIA has compromised individual services like Signal, and that similar messaging services are still the most secure options for users. What the CIA can do, as has been previously established with other U.S. agencies, is break into your phone to access those encrypted services.