The U.S. government’s spy tools are being revealed.
Wikileaks continues to publish alleged CIA hacking techniques for smart devices, including smart TVs and smartphones. And recently a treasure trove of alleged hacking tools used by the NSA were leaked by hacking group, Shadow Brokers.
Experts say the leaks could open the door for cybercriminals to use the same tactics to target consumers. The government only uses these tools against persons of interest.
“Even though the actual source code for the exploit wasn’t included, it does give you data around how information was transferred….That would allow a hacker or somebody malicious to develop their own exploits based off of that information,” said Michael Buratwoski, the senior vice president of cybersecurity service at Fidelis Cybersecurity and a former law enforcement officer.
The CIA has not confirmed the documents are real. The NSA did not respond to our request for comment.
“Every device is exploitable…. There’s always a risk of using smart technology that a threat actor could leverage to spy on you,” said Kevin Mitnick, the author of “The Art of Invisibility.” He was formerly on the FBI’s most wanted list and served time behind bars for hacking. Now, Mitnick advises companies and consumers on how to protect themselves from cybercriminals.
Internet of Things
The new frontier of smart device is known as the internet of things, or IoT, and involves connecting new electronics to the internet, such as webcams, TVs and refrigerators. The idea is make life easier, but cybersecurity is essential to prevent hackers from gaining new ways to attack you.
“With IoT devices it’s kind of like the wild wild west today,” Mitnick said. According to Wikileaks, the CIA allegedly used smart TVs to spy on people.
The government and cybercriminals exploit technology flaws that let them gain sensitive information. One example, according to Mitnick was a smart refrigerator.
“The vulnerability allowed an attacker to steal your Gmail credentials, which would not only give access to your calendar, but to your e-mail,” he said.
To protect yourself, Mitnick advises changing the default password on IoT devices as soon as you set them up.
Also, turn off features you are not using, such as voice commands on a smart TV.
If a government wants to access your smartphone, it’s likely they can.
“They are going to have knowledge of vulnerabilities that the manufacturer can’t fix, you have about 1.5 million dollars, you could buy a zero day exploit for this type of device [iPhone],” Mitnick said.
The best protection is to update your phone and apps as soon as patches become available.
Keeping messages private
To prevent cybercriminals from accessing your messages, it’s best to use apps that offer end-to-end encryption. Mitnick recommends an app called Signal.
“That is the most secure type of communications that we have available today,” he said.
Also, be weary of emails and text messages you were not expecting. Oftentimes cybercriminals will send targeted messages to get you to click on a link or open an attachment.