Security firms have started assessing the impact of the CIA hacking tools exposed on Tuesday by WikiLeaks as part of the leak dubbed “Vault 7.”
Files allegedly obtained from a high-security CIA network appear to show that the intelligence agency has tools for hacking a broad range of targets, including mobile devices, desktop computers, routers, smart TVs and cars.
The published files also appear to show that the CIA has targeted the products of many security solutions providers, including anti-malware and secure messaging applications. The list of affected vendors includes Symantec, Kaspersky, Avira, F-Secure, Microsoft, Bitdefender, Panda Security, Trend Micro, ESET, Avast, AVG, McAfee, Comodo and G Data.
While WikiLeaks has not released any of the exploits it has obtained, an initial investigation conducted by security firms indicates that the CIA’s capabilities may not be as advanced as some have suggested.
..what Wikileaks won’t tell you: almost everything in their dump is dreadfully ordinary, widely known by the cybersec/hacking community
— Rob Graham٩(●̮̮̃●̃) (@ErrataRob) March 8, 2017
Bitdefender told SecurityWeek that the public Vault 7 files show that the CIA had been having problems evading the company’s products.
Kaspersky Lab said one of the vulnerabilities mentioned in the report was patched in 2009, while another was addressed in December 2015.
“All current Kaspersky Lab solutions are subject to mandatory testing against these vulnerabilities prior to release. The products mentioned in the Wikileaks report (KIS 7, KIS 8, WKSTN MP3) are outdated versions of Kaspersky Lab software and have been out of the technical support lifecycle for several years,” the security firm said in an emailed statement.
“We would like to stress that the documents published by Wikileaks do not describe any computer breaches against Kaspersky Lab, or against any other security firms or customers, but instead depict efforts to reverse engineer and find vulnerabilities in computer security software products,” it added.
Comodo also said its product appeared to pose problems for the CIA. WikiLeaks mentioned that the agency had bypassed Comodo’s product by hiding malware in the Recycle Bin, but the vendor said such tricks would not have worked against versions of its product released in the past four years.
“What we are seeing in the leaked documents are their desperate attempts to build a hack, step-by-step, with the ultimate goal of achieving a total bypass of the security, such as trying to find something like a kernel exploit. But as their email says, in the case of Comodo, they end up with nothing,” said Melih Abdulhayoglu, founder and CEO of Comodo.
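The Recycle Bin trick mentioned above works only if a scanner skips that folder or judges files by name and location rather than content. The following sweep, an added illustration that is not from the article or from any vendor named in it, walks an entire tree with no path exclusions and identifies executables by their PE header bytes. The directory layout and file contents are constructed for the demonstration (the SID-named subfolder and “$R…” file names mirror how Windows lays out $Recycle.Bin, but nothing here is a real artifact).

```python
"""Content-based executable sweep that does not skip Recycle Bin folders.

Added illustration, not the article's or any vendor's code: a scanner that
excludes $Recycle.Bin, or classifies files by extension or folder alone,
can miss a payload parked there. This sweep reads the first bytes of every
file, so location and extension are irrelevant to detection.
"""
import os
import tempfile

MZ_MAGIC = b"MZ"  # DOS header signature at offset 0 of every PE file


def is_pe_file(path):
    """Return True if the file starts with the PE/DOS 'MZ' header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == MZ_MAGIC
    except OSError:
        return False


def find_executables(root):
    """Walk *root* and return sorted relative paths of files with PE headers.

    Every directory is visited, including ones whose names suggest they hold
    deleted content ($Recycle.Bin, Recycled): there are no path exclusions.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed directory layout for the demonstration.

    File contents are fabricated stand-ins: a leading 'MZ' marks a file as
    'executable' for the sweep; nothing here is real malware.
    """
    layout = {
        # Recycle Bin entry with a misleading extension: still starts with MZ
        "$Recycle.Bin/S-1-5-21-1000/$RABCDEF.dat": b"MZ\x90\x00fabricated-pe",
        # Ordinary executable in a normal location
        "Users/alice/Downloads/setup.exe": b"MZ\x90\x00fabricated-pe",
        # Text file with an .exe name: the extension lies, the content does not
        "Users/alice/Downloads/notes.exe": b"just a text note\n",
        # Harmless deleted document
        "$Recycle.Bin/S-1-5-21-1000/$RGHIJKL.txt": b"deleted shopping list\n",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return sorted(layout)


def demo():
    """Build the constructed tree in a temp dir and return what the sweep finds."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_executables(root)


if __name__ == "__main__":
    for hit in demo():
        print("PE file found:", hit)
```

Run stand-alone, the sweep reports the renamed `.dat` file inside the Recycle Bin folder and the real `setup.exe`, while ignoring the text file that merely carries an `.exe` name. The design point is that coverage and classification should both be content-based; a product that trusts folder names or extensions hands an evasion to anyone who can rename and move a file.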
Microsoft, whose EMET and Security Essentials products are mentioned in the leak, told SecurityWeek that it’s aware of the report and looking into it. Trend Micro and F-Secure are also investigating.
“F-Secure is mentioned in the leak, citing the CIA can potentially bypass some of our products. But the question is really not whether the CIA can bypass our products, the answer to that is always yes. If they cannot do it right now, they invest another million to find a flaw,” said F-Secure’s Mikko Hypponen.
Panda Security says it has yet to find exploits or tools targeting its products in the publicly available files.
“That doesn’t mean there won’t be any; at the end of the day we are talking about software. We expected to be there; the fact that we do not collaborate in any way to spy on our users turns Panda into a target for the CIA, FSB, and that kind of organizations,” said Luis Corrons, Technical Director of PandaLabs.
As for enterprise security vendors, Juniper Networks has not found any evidence that its products have been targeted, but there appear to be several exploits targeting Cisco devices. Cisco has yet to release any information.
Secure messaging tools not compromised
WikiLeaks reported that the CIA had found a way to bypass the encryption of Signal, Telegram, WhatsApp and other secure messaging applications.
While many concluded that the agency had broken the encryption of these apps, WikiLeaks meant that compromising a mobile device through iOS and Android exploits could have given the CIA access to conversations on the device itself, without having to break the apps’ encryption.
The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.
— Open Whisper Systems (@whispersystems) March 7, 2017