What We Know About "Vault 7"

Maybe you’ve heard, some big news hit the privacy world on Tuesday.

WikiLeaks, the organization behind the DNC leak last year, released a trove of documents (ominously) called “Vault 7.” The files reveal a collection of hacking systems developed or obtained by the CIA, and, if true, these tactics are pretty startling. One tool, for example, code-named “Weeping Angel” can allegedly turn a Samsung TV into a recording device--even if it looks turned  off.

Many of you tweeted and emailed us to say these revelations have you side-eyeing your devices. Yeah, we feel you. So here’s a round-up of what we know so far and some suggestions of what to do and read as the story continues to unfold.

First thing’s first, what happened.

The New York Times broke the news, and we like their breakdown of what’s in the leaked documents, what’s true, new, and how it could affect your tech use.

Signal and Encrypted Text Messaging

“Vault 7” reveals the CIA can hack iPhone and Android operating systems, allowing it to intercept messages before they get encrypted by texting apps like WhatsApp, Signal, Telegram, and Weibo. The Note to Self team recommended Signal during our Privacy Paradox project as an encrypted messaging app. But does this new information mean Signal isn’t living up to its promise? No. Signal is encrypting all your messages.

What the leaked documents suggest is that the C.I.A. can use vulnerabilities in the operating system to take control of your phone. Which, as Wired says, means you have bigger problems. Moxie Marlinspike, one of the developers of Signal, also pointed out to New York Magazine that there are limited uses for those so-called "zero-day" tools--every time they get used, they might be discovered and patched. So the surveillance agencies are likely limiting their use to “nation-state actors,” as Wired puts it.

Apple

The “Vault 7” leak suggests the CIA uses “zero day” exploits to target Apple’s iOS. That means it gets into the operating system via vulnerabilities that already exist in the software rather than using malware or viruses. But Apple says they had already patched the vulnerabilities mentioned in the report.

P.S. Remember Apple’s legal battle with the F.B.I last year? It’s outdated, but gives some weight to this line in their statement: “Apple is deeply committed to safeguarding our customers’ privacy and security.”

Samsung

Samsung TVs are said to be targets of a particularly creepy tool detailed in the WikiLeaks documents--one that allegedly allows the CIA to turn TVs into recording devices, even when they appear to be turned off.

Samsung told Buzzfeed News, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”

Microsoft, Google and Facebook’s WhatsApp are all looking into the claims as well, according to USA Today.

While they have not verified specifics, U.S. intelligence officials confirm the documents themselves are legitimate.

Here’s what to read while you ponder whether it’s time to trade in your connected TV for a short-wave radio…

Leaks usually unearth more questions than answers. Start with these four. (The Washington Post) Julian Assange, founder of WikiLeaks - hero to villain and back again? (The Atlantic)  Weeping Angel. Brutal Kangaroo. Fine Dining. Seriously, who is the mastermind behind these codenames? Oh. Doctor Who. Of course. (The Guardian)

And if these revelations have you thinking about privacy in a whole new way, and you haven't done the Privacy Paradox challenges yet, you can start them any time.