Tag Archives: Vault 7

Software Industry Greed is Driving the Assault on our Privacy & Security

The motivation to release software, without proper testing, in order to generate a quick buck is as much of a threat to our security and privacy as the activities of hackers and alphabet agencies. It is time that software companies started to pay the price for the sorry mess that their greed is helping to create.

Once upon a time these matters could be considered in isolation but with the “Internet of Things” connecting millions more devices every day we are headed for a world that will have 28 billion IoT devices by 2020.

Consumer concern will not halt the rollout. A staggeringly high number of consumers hold serious concerns about the possibility of their information getting stolen from everyday devices – their smart home, their tablet, their laptop. One would think therefore that this concern would pressure software manufacturers to be more rigorous in their pre-GA testing activities. Not so.

Why? Because so much of this IoT stuff is embedded and consumer awareness is mainly limited to the high profile exposures. Consumers are not hesitating to purchase connected devices because consumers do not know that the devices are connected.

Samsung’s SmartThings smart home platform is a leaky colander of loosely connected hack prone software. IoT security hardening is not just about the particular application but also about building security into the network connections that link applications and that link devices.

And then there is the “Data”. The amount of this stuff that is generated by IoT is intractably large. As few as 10,000 households can generate 215 million discrete data points every day. This creates more entry points for hackers and leaves sensitive information vulnerable.

The number and variety of privacy attack vectors becomes unmanageable very quickly. From the CIA hacking your Samsung TV, uBeacons doing their bit (uXDT & Audio Beacons – Introduce your Paranoia to your Imagination), hackers controlling your car, it’s a worryingly real threat to the personal security and privacy of every one of us.

If the CIA’s Directorate of Digital Innovation (DDI), who are tasked with delivering cyber-espionage tools and intelligence gathering capabilities, cannot even secure their own USB drives then what chance do the rest of us have.

Unfortunately the answer is that we have no chance.

ENDS 

The CIA Dark Triad – Windows, macOS & Linux

According to the WikiLeaks Vault 7 dump the CIA deploys malware that includes the capability to hack, remotely view and/or clone devices running the Windows, macOS, and Linux operating systems.

This seems to suggest that the agency has no problem bypassing encryption, proxies, VPN and that Tor anonymity is a myth.

This does not mean that each of the point solutions offering a product under each of the above headings have been compromised. Rather it means that the OS level hack capability of the CIA – as seen on iOS and Android – means that they can gain full control of the device and render any point solution counter measures moot.

Therefore they subvert the platform which by extension means that anything that is running on the platform is subverted.

Tablet, laptop, smart-phone, AV device – it seems they are all fair game and in that case so is everything that you do on them.

You have been warned.

You are being watched.

ENDS