WikiLeaks has set the world ablaze with the release of 8,761 documents under the codename “Vault 7.” It reveals CIA activity that includes the creation of malware, viruses, and exploits that permit the intelligence agency to commit widespread surveillance. For some readers, these revelations validate some long-held theories.
Considering the implications of these documents, some sensationalism is to be expected. However, it is important to separate confirmed information from speculation. Here are three conspiracy theories surrounding the Internet of Things, and information from the Vault 7 publication that either validate or invalidate this speculation:
Theory 1: Your TV Can Spy On You – Confirmed
In George Orwell’s book, 1984, the denizens of Oceania were spied upon by their government through “telescreens” — televisions that are impossible to turn off and double as surveillance tools for the government. In reality, smart TVs may serve the same purpose.
Apparently, the paranoia is justified. According to WikiLeaks documents, the CIA and MI5 worked together on a hack called “Weeping Angel” that specifically targeted Samsung smart TVs. With this hack, it was possible for agents to record conversations. It even sought to implement a “fake-off” feature, where the television would appear to turn off but continue to covertly record audio. A firmware update in June 2014 rendered it impossible to transmit the hack over the internet, though it was possible to affect specific devices through a thumb drive. The CIA attempted to block future firmware updates from removing the hack.
While we will have to wait for more leaked documents to learn more about Weeping Angel (and potentially other hacks), the actions by intelligence agencies demonstrate a clear disregard for consumer privacy. As noted by Vijay Kanabar, an associate professor of Boston University’s Online Computer Information Systems program, “There is a culture of trust here in this country that is pretty easy to exploit.” While Americans may show a general disregard for the importance of cybersecurity, it is galling that the U.S. government would commit cyberattacks on its citizens. It is unlikely that these agencies were content with only hacking Samsung TVs, and upcoming leaks will reveal the full scope of this program.
Theory 2: Car Cyberattacks Can Be Used to Assassinate Political Enemies – Possible
Four years ago, journalist Michael Hastings died under mysterious circumstances. The New York native was investigating a privacy lawsuit brought against the DoD and FBI. Hours before crashing into a tree in Los Angeles at a high speed, Hastings sent an email indicating that he was “going off the radar for a bit.” The circumstances of the crash prompted speculation that an intelligence agency may have remotely seized control of his car. Proving that his death was an assassination rather than an accident, however, is impossible.
This account resurfaced very recently in light of the Vault 7 revelations. In a press release, WikiLeaks notes that the Mobile Devices Branch (MDB) of the CIA was looking to affect control systems of modern cars and trucks. While the purpose of these hacks are not specified, pundits have noted that the desired control would give them the capacity to perform “nearly undetectable assassinations.”
Definitive proof that the CIA were successful in their attempts to remotely hack automobiles has not been released. As noted by Scientific American, remotely hacking a vehicle is an incredibly difficult task. Nevertheless, the agency has demonstrated a clear eagerness to make it a reality. The idea that cyberattacks are being used to assassinate political enemies is plausible, but not proven.
Theory 3: The Government Can Track You Through Your Phone – Confirmed
This theory is confirmed, but not in the way some theorists have speculated. In mid-2015, some internet users discovered a strange chip in their Samsung Galaxy S4s. People speculated that this chip was used to collect data on users, including photos and personal data. Actually, that little chip is an NFC chip, and is used only to facilitate mobile pay. Regardless, there are many other ways that internet users can be tracked — so nothing you do on your phone online should be presumed to be private.
Recently, it was revealed that the CIA has actually sought the use of mobile phones for real-time surveillance — not mere internet tracking. The MDB have the capacity to infect devices and have them send the user’s location, calls, and text messages to remote agents. Furthermore, they can activate the camera or microphone of a device, in order to monitor a target in real-time. Work to keep these hacks operational is continuous, since firmware updates necessitate new workarounds. A glimpse into the inner workings of this process can be found here.
While some use of consumer data to facilitate data-driven marketing is to be expected, outright mass surveillance was something relegated to fringe conspiracy theory forums — until recently.
Is widespread mobile surveillance a goal of the CIA? Or were these hacks limited to specific targets deemed to be a threat?
The scope of this program may come to light as the remainder of the Vault 7 documents are released.