WikiLeaks has set off an avalanche of alarming headlines with its publication of purported CIA documents.
Allegations that the U.S. agency has hacked into smartphones, laptops, and internet-connected TVs to spy on people around the world are enough to make anyone paranoid.
But security experts are urging tech consumers to keep calm and take a few simple precautions. The document dump reveals nothing terribly new or surprising in technical terms, the experts say. Mobile spy tools have been around for years.
“That the CIA hacks is like saying water is wet — it’s them doing their job,” said Nicholas Weaver, senior researcher with the International Computer Science Institute at the University of California, Berkeley.
The WikiLeaks publication serves as a reminder that anyone with a smartphone or another device connected to the internet is vulnerable to hacking.
“No computer system is impenetrable,” said Shuman Ghosemajumder, chief technology officer with cyber security firm Shape Security. “Given enough time, effort, and resources, a nation-state or even a well-funded cybercriminal group is capable of compromising almost any popular system we think of as secure.”
Why I did it: Twitter account hackers tell all
Don’t want to get hacked? Get off the internet and use snail mail to communicate. But If you want to stay plugged in, here are a few steps to help protect your privacy.
Keep devices up to date
“The average user of smartphones and smart TVs is more at risk from a random malware infection than a targeted attack using the CIA tools,” said Katie Moussouris, founder and CEO of cyber security firm Luta Security.
Keeping devices up to date is the best way to avoid vulnerabilities — that includes software and hardware updates.
Even if you’re worried about being hacked by the CIA, “you want an up-to-date phone,” Weaver said.
The WikiLeaks publication indicates that older Android 4 devices were particularly vulnerable to exploitation. Weaver suggests using newer Android and Apple phones (at least an iPhone 5) and arming them with strong passwords.
Apple (AAPL, Tech30) said Tuesday that its latest software update eliminated “many” of the potential iPhone hacking methods pointed out by WikiLeaks.
The scotch tape defense
Even Facebook (FB, Tech30) founder Mark Zuckerberg, a guy who employs some of the world’s smartest engineers and coders, protects himself from hackers with pieces of tape over his laptop’s camera and microphone jack.
“It may seem ridiculous that the world’s leading security companies and security experts would put tape over their webcams, but it is the only way to guarantee they cannot be switched on by software,” Ghosemajumder said.
Unfortunately microphones can still pick up decent audio even if they’ve been covered with tape. That’s why security experts say they are baffled that anyone would voluntarily buy sophisticated, microphone equipped devices that connect to the internet — Amazon’s (AMZN, Tech30) Alexa or Samsung’s (SSNLF) smart TVs, for example.
“They’re just creepy,” Weaver said. He added that people with smart TVs should be less worried about the CIA than about companies that manufacture smart devices and could be compelled to hand data over to a government agency.
Unplug your smart TV
The WikiLeaks publication talked about “Weeping Angel,” an alleged CIA program that could take control of Samsung smart TVs and turn them into listening devices. Weeping Angel — which requires physical access to the television set — puts targeted TVs into a fake off mode, so even if the TV is turned off it is actually recording and picking up conversations and sending them to a CIA server.
That is scary stuff.
But Samsung (SSNLF) warned users about this vulnerability back in 2015. The terms of service for its smart TVs included warnings that televisions could be eavesdropping on living room conversations and transmitting the data captured “to a third party through your use of Voice Recognition.”
Your TV may be recording you
Samsung said in a statement that it has seen the latest WikiLeaks report, and is “urgently looking into the matter.”
If you still want a smart TV, don’t have sensitive chats around the television set and kill the power source when it’s not in use.
“Turning off and unplugging TVs is a great idea,” Moussouris said. “I even cover TV cameras in hotel rooms, just like I do on my laptop.”
Don’t be a target
Most people are not targeted by the CIA or other international intelligence agencies.
But if you are, it’s going to be pretty tough to outwit their expertise and resources.
“If a spy agency wanted to compromise your devices, there’s little you could do,” Moussouris said. “It’s like defending from an assassin — not likely to be after you, and nothing you can do if they are.”
— Jose Pagliery and Paula Hancocks contributed to this report.