Somewhat careless wording by Wikileaks has led to widespread reports than messaging apps that use end-to-end encryption – like Signal and WhatsApp – had been compromised by the CIA. There is in fact no evidence that this is the case.
Google has issued a statement stating that ‘many’ of the Android exploits reportedly used by the CIA have already been addressed. Google’s statement used similar wording to one issued earlier by Apple.
As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing.
But the WSJ reports that they and other tech companies are being hampered by two factors …
Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for Android devices, in addition to one targeting Apple’s iOS. A zero-day exploit is one unknown to Google or security researchers, so cannot be protected against.
A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
The CIA is also said to have teams working on attacking Windows and Samsung TVs, ‘which are turned into covert microphones.’
Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware it uses to attack devices …