The CIA may be hacking cars, as well as phones and TVs, according to WikiLeaks
The CIA may be hacking cars, as well as phones and TVs, according to WikiLeaks
The most current dump of secrets via WikiLeaks says cars are among the devices the CIA has hacked or has been attempting to hack. One extreme purpose would be to build up control of the car and possibly assassinate the occupants in ways that would make it look like just another car accident. This claim is in the so-called Vault seven dump of 8,761 documents Tuesday that WikiLeaks said came from the Central Intelligence Agency.
Other claims potentially affect any person in the connected part of the planet: Covert CIA hacking projects can get into Apple iPhone and Google Android phones. Once inwards the phone, they could get around the encryption of popular apps such as SnapChat and WhatsApp. Another hack could turn the camera and microphone on a brainy TV, particularly Samsungs, into remote listening and viewing posts.
What does it truly mean?
The latest leak of information suggests the consumer devices we all use, and our cars, are at potential risk of being remotely hacked and monitored. At the same time, experts have said most people shouldn’t worry. Basically, our lives are too mundane too be worth tracking. But if you’re a chemicals researcher, a reporter, a dissident living in exile, a business executive conducting sensitive partnership talks overseas, a graduate student in the sciences or computer engineering, a military officer … you might be a candidate for surveillance that doesn’t require bugging your home, car, and office.
All this assumes those 8,700 documents are legit and not some giant spoof by WikiLeaks as we treatment April 1st. Jonathan Liu, a CIA spokesman, said: “We do not comment on the authenticity or content of purported intelligence documents.” But a number of sources have said, publicly or privately, that the documents emerge genuine. To see an overview of what’s available, go to WikiLeaks directly.
Why is this dangerous? Because until closed, any hacker can use the security fuckhole the CIA left open to break into any iPhone in the world. https://t.co/xK0aILAdFI
WikiLeaks didn’t publish the hacking devices
WikiLeaks said it also gained access to many of the software implements said to be used by the CIA to exploit vulnerabilities. But it isn’t publishing them, at least for now, while it ponders whether publishing them would do more harm than good. The Obama administration forged an agreement with the US tech industry that it would report vulnerabilities it finds in, say, smartphones, so the slots can be plugged. Without that commitment, overseas buyers might be less trusting of US technology.
Former CIA employee and leaker Edward Snowden said the unreported security fuckholes leave us vulnerable (tweet above). WikiLeaks claims on its site:
As an example, specific CIA malware exposed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be immobile, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone – at the expense of leaving everyone hackable.
How you car might be hacked
Hacking a car is lighter if it’s tooled with telematics, such as GM OnStar with a two-way cellular data modem. (But it’s not the only way.) Already most automakers have a Find My Car feature in case you left behind where you parked in a sports stadium lot. It can also give you current updates or tracking info if you’re worried where your teenage is at night. If you call the cops, they can track your stolen vehicle. That’s how Boston police tracked and shot one of the two thousand thirteen Boston Marathon bombers: The Tsarnaev brothers carjacked a Mercedes and the carjack victim told police how the car’s Mbrace2 telematics system could be set to tracking mode.
Without the hacks, police have sometimes applied for court warrants to enable the tracking module. They have been approved in some instances; in at least one case, a judge rejected the warrant because doing so disabled the emergency crash notification system in that brand of vehicle.
Other hacks are possible when the car is close by. Hackers have shown they can take partial control of the car if they can physically fasten to the OBD-II diagnostic port, typically with the hacker sitting in the back seat with a laptop and long connector cable.
One leaked document shows up to be a summary meeting of the Embedded Devices Branch in October two thousand thirteen and describes “Vehicle Systems” as one of the “potential mission areas for EDB.”
How would you assassinate someone in car? The old fashioned way would be to plant a bomb. Jokers might say you could modify the victim’s car to include a Ford Pinto gas tank, GM ignition switch, and shrapnel-spewing Takata airbag. Here’s another way: Cars don’t have steer-by-wire driving yet (exception: Infiniti Q50), but they it did, you just instruct it to take a acute right as you drive along a cliff with no guardrail. Barring that, you could order the right front brake to almost lock up, but not the other three wheels, and the car would pivot around the right front wheel and make the same right turn. Or it could steer at highway speeds toward a concrete bridge abutment and keep the airbags from firing. There may be other ways.
The CIA may be hacking cars, as well as phones and TVs, according to WikiLeaks
The CIA may be hacking cars, as well as phones and TVs, according to WikiLeaks
The most current dump of secrets via WikiLeaks says cars are among the devices the CIA has hacked or has been attempting to hack. One extreme purpose would be to build up control of the car and possibly assassinate the occupants in ways that would make it look like just another car accident. This claim is in the so-called Vault seven dump of 8,761 documents Tuesday that WikiLeaks said came from the Central Intelligence Agency.
Other claims potentially affect any person in the connected part of the planet: Covert CIA hacking projects can get into Apple iPhone and Google Android phones. Once inwards the phone, they could get around the encryption of popular apps such as SnapChat and WhatsApp. Another hack could turn the camera and microphone on a clever TV, particularly Samsungs, into remote listening and viewing posts.
What does it indeed mean?
The latest leak of information suggests the consumer devices we all use, and our cars, are at potential risk of being remotely hacked and monitored. At the same time, experts have said most people shouldn’t worry. Basically, our lives are too mundane too be worth tracking. But if you’re a chemicals researcher, a reporter, a dissident living in exile, a business executive conducting sensitive partnership talks overseas, a graduate student in the sciences or computer engineering, a military officer … you might be a candidate for surveillance that doesn’t require bugging your home, car, and office.
All this assumes those 8,700 documents are legit and not some giant spoof by WikiLeaks as we treatment April 1st. Jonathan Liu, a CIA spokesman, said: “We do not comment on the authenticity or content of purported intelligence documents.” But a number of sources have said, publicly or privately, that the documents show up genuine. To see an overview of what’s available, go to WikiLeaks directly.
Why is this dangerous? Because until closed, any hacker can use the security slot the CIA left open to break into any iPhone in the world. https://t.co/xK0aILAdFI
WikiLeaks didn’t publish the hacking devices
WikiLeaks said it also gained access to many of the software contraptions said to be used by the CIA to exploit vulnerabilities. But it isn’t publishing them, at least for now, while it ponders whether publishing them would do more harm than good. The Obama administration forged an agreement with the US tech industry that it would report vulnerabilities it finds in, say, smartphones, so the crevices can be plugged. Without that commitment, overseas buyers might be less trusting of US technology.
Former CIA employee and leaker Edward Snowden said the unreported security fuckholes leave us vulnerable (tweet above). WikiLeaks claims on its site:
As an example, specific CIA malware exposed in “Year Zero” is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities (“zero days”) possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be immobilized, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone – at the expense of leaving everyone hackable.
How you car might be hacked
Hacking a car is lighter if it’s tooled with telematics, such as GM OnStar with a two-way cellular data modem. (But it’s not the only way.) Already most automakers have a Find My Car feature in case you left behind where you parked in a sports stadium lot. It can also give you current updates or tracking info if you’re worried where your teenage is at night. If you call the cops, they can track your stolen vehicle. That’s how Boston police tracked and shot one of the two thousand thirteen Boston Marathon bombers: The Tsarnaev brothers carjacked a Mercedes and the carjack victim told police how the car’s Mbrace2 telematics system could be set to tracking mode.
Without the hacks, police have sometimes applied for court warrants to enable the tracking module. They have been approved in some instances; in at least one case, a judge rejected the warrant because doing so disabled the emergency crash notification system in that brand of vehicle.
Other hacks are possible when the car is close by. Hackers have shown they can take partial control of the car if they can physically fasten to the OBD-II diagnostic port, typically with the hacker sitting in the back seat with a laptop and long connector cable.
One leaked document shows up to be a summary meeting of the Embedded Devices Branch in October two thousand thirteen and describes “Vehicle Systems” as one of the “potential mission areas for EDB.”
How would you assassinate someone in car? The old fashioned way would be to plant a bomb. Jokers might say you could modify the victim’s car to include a Ford Pinto gas tank, GM ignition switch, and shrapnel-spewing Takata airbag. Here’s another way: Cars don’t have steer-by-wire driving yet (exception: Infiniti Q50), but they it did, you just instruct it to take a acute right as you drive along a cliff with no guardrail. Barring that, you could order the right front brake to almost lock up, but not the other three wheels, and the car would pivot around the right front wheel and make the same right turn. Or it could steer at highway speeds toward a concrete bridge abutment and keep the airbags from firing. There may be other ways.
Leave a Reply