At first glance, the latest release of classified information from the news leak organization WikiLeaks seems to have alarming implications for anyone with an electronic device. The 8,761 documents and files reveal details about Central Intelligence Agency (CIA) hacking tools aimed at vehicle control systems, Samsung smart TVs, iPhones, Android devices as well as Windows, Linux and other machines.
However, a number of IT security experts are cautioning that the information released yesterday does not indicate the CIA has found a way to break the encryption of secure messaging tools or is conducting mass surveillance of people via their TVs and smartphones.
It’s also unclear where exactly the cache of documents WikiLeaks is calling “Vault 7” comes from, so it’s too early to attribute this leak to an inside agency whistleblower, an outside hacker or a state actor, according to these experts.
In addition, while the leak does reveal the CIA’s use of so-called “zero-day” vulnerabilities that haven’t yet been discovered or disclosed by software developers, at least some of those vulnerabilities appear to be several years old, which means they may have already been patched or eliminated.
‘Genuinely a Big Deal’
Shortly after WikiLeaks announced the Vault 7 release yesterday, former National Security Agency (NSA) contractor and whistleblower Edward Snowden said on Twitter that the leaked documents appear to be legitimate.
“Still working through the publication, but what @Wikileaks has here is genuinely a big deal,” tweeted Snowden. “Looks authentic.” In 2013, Snowden shared thousands of classified documents with journalists to reveal the widespread extent of intelligence surveillance on U.S. citizens as well as non-citizens.
“There’s a lot in here,” cybersecurity expert Bruce Schneier wrote yesterday in an analysis on his blog. “The documents say that the CIA — and other intelligence services — can bypass Signal, WhatsApp and Telegram. It…