Home / Blogs

Google Claims It Fixed the Security Holes the CIA Exploited

WikiLeaks shook the internet again on March 7, 2017, by posting several thousand documents containing information about the tools the CIA allegedly used to hack, among others, Android and iOS devices. These classified files were obtained from the CIA’s Center for Cyber Intelligence, although they haven’t yet been verified and a CIA official declined to comment on this incident.

This isn’t the first time that the U.S. government agencies were accused of crossing the line and undermining online security and civil liberties, as it’s been only a year since the infamous FBI-Apple encryption dispute. It’s like “1984” all over again.

March 2017

According to these documents, the alleged exploits took place between 2013 and 2016, while at least 24 Android vulnerabilities were identified. Among them were hacking tools capable of turning Android and iPhone devices, smart TVs, and computers into “covert microphones”. Chrome was targeted by the EggsMayhem attack, the Sulfur exploit caused Android to leak critical OS information, while the RoidRage bundle was used to obtain remote control over Android devices. At first, all the tech companies from Silicon Valley maintained their silence, but two days later, Google’s Manager of Information Security, Heather Adkins, said that many of the vulnerabilities referred to in the report were fixed.

However, security specialists say that those government intrusions on privacy, although undeniably severe and illegal, haven’t been reported to affect versions of Android after 4.4. Google is currently busy analyzing their security issues, and working on implementing further protections. Apple also issued a statement saying that their users were protected as the latest iOS version contained security patches for the mentioned exploits. Security protocols of many chat apps such as Facebook’s WhatsApp, Signal, or Weibo, were broken, too.

All this obviously puts not only many individual users, but also numerous companies at risk, as their privacy can be easily violated and their trade secrets exposed. That’s why it’s wise to think about alternative methods of communication and constant security software testing.

February 2016

On December 2, 2015, 14 people were killed, while 22 were injured in a terrorist attack at the Inland Regional Centre in San Bernardino, California. The perpetrators were subsequently killed in a shoot-out with the police. During the investigation, the FBI found an Apple iPhone 5C, issued to one of the terrorists by the San Bernardino County, as he was its employee. However, the phone had a password and couldn’t be unlocked due to its advanced security features.

The FBI asked Apple to help them and disable certain security features, which the company declined on the grounds of its policy of never undermining the security features of their products. This case sparked a heated debate regarding the importance of security and encryption both in court and among the general public. A poll conducted by the Pew Research Center on the sample of 1,022 adults showed that 51% of the U.S. citizens supported the FBI, while 38% agreed with Apple, although the company warned that creating a backdoor to the iPhone could pose a threat to the data security, as the government or hackers could potentially unlock any iPhone.

Finally, the FBI used a tool purchased from a third party unlock the device and withdrew the request. This incident is still a controversial matter in the U.S.

December 2013

In December 2013, it was revealed that the NSA and the UK’s GCHQ entered the realm of online gaming and started collecting data from the likes of WoW and Second Life, as an attempt to track potential terrorists. The two intelligence agencies claimed, although their efforts weren’t fruitful, that terrorists might be using MMORPG networks in order to stay under the radar thus making it easier for them to communicate, plan attacks, or even move money.

This was revealed, together with many other NSA surveillance practices, by Edward Snowden. As a result, 8 tech giants, including Facebook, Google, and Microsoft penned an open letter to the Obama Administration requesting reforms of government surveillance practices.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Nate Vickery, Consultant

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API