Protect your privacy

Aatif Sulleyman

This has been a dark month in the world of technology, with WikiLeaks’ mammoth ‘Vault 7’ document release making for some deeply unpleasant reading.

The 8,761 files published by the whistle-blowing organisation allegedly came straight from the CIA, which is believed to have been using a variety of hacking methods to secretly spy on people through their electronic devices. The agency is also said to be capable of pinning the blame for cyber attacks on other countries.

WikiLeaks is set to follow this up by publishing the redacted details of all of the CIA’s cyber weapons, but will give technology companies initial exclusive access to them, to prepare themselves against hackers. 

Fortunately, there are also a number of simple steps that ordinary people can take to protect themselves, without going off-grid.

Check your TV

‘Weeping Angel’ is one of the most chilling revelations of them all, allowing the CIA to turn smart TVs into covert microphones, according to WikiLeaks. The attack, which is said to have been developed alongside the MI5, enabled agents to infiltrate TVs and make them appear to be turned off. 

In this ‘Fake Off’ state, they could listen in on everything that people were saying around them, and send the recordings to a CIA server over a web connection. 

Only a select group of Samsung models are reported to be vulnerable to the hack. These are: UNES8000F, E8000GF plasma, UNES7550F, UNF8000 series, F8500 plasma, UNF7500 series and UNF7000 series. Even then, they have to be running old firmware, such as versions 1111, 1112 or 1116. It’s also understood that a CIA agent would have had to have physical access to a TV in order to carry out the Weeping Angel hack, but you can ensure it’s not been tampered with by switching your set off and checking the back of it for a blue LED. 

You can see which firmware version your TV is running by going to the main menu, choosing support and then software update. From here, you can update to the secure version 1118.

Update your phone

The agency was able to remotely control and monitor phone activity, both on Android and iOS, according to the WikiLeaks documents. Both Apple and Google 

have said that they’ve addressed “many” of the vulnerabilities allegedly exploited by the CIA. 

The best thing users can do is update to the latest available version of their phone’s operating system as this provides the highest level of protection. Apple and Google have pledged to fix any remaining flaws, so you can expect more software updates to become available in the near future.

Stop using Internet Explorer

A short section in the Vault 7 leaks says that the CIA used a “very simple technique” to steal passwords saved by Internet Explorer. Microsoft ended support for Internet Explorer 8, 9 and 10 over a year ago, meaning that only version 11 receives security updates from the company. The browser has no future though, with IE11 confirmed as the final iteration, and Microsoft itself recommends that users choose alternatives. 

Edge is the default browser on the latest versions of Windows, with Chrome and Firefox its main competitors, and all three are better to use than Internet Explorer. What’s more, Google says that Chrome has already fixed most of the vulnerabilities the CIA was allegedly capable of taking advantage of.

Don’t rely on anti-virus

“CIA hackers developed successful attacks against most well known anti-virus programs,” according to WikiLeaks. “These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance.”

Twenty one separate security products are listed in the leak, including: Avast, AVG, F-Secure, GDATA, Kaspersky, Malwarebytes, McAfee, Microsoft Security Essentials, Norton, Panda, Rising, Symantec, Trend Micro and Zone Alarm. Most of the details have been redacted, but one of a handful of remaining sections reads, “F-Secure has generally been a lower tier product that causes us minimal difficulty. The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads. Two defeats are known to exist.” — The Independent