The CIA can effectively bypass the encryption used in secure texting apps popular with whistleblowers and journalists.
By collecting audio and text messages on a targeted phone before they’re encrypted for another party, the CIA can effectively suck up the private data sent on Signal, Telegram, WhatsApp and other secure apps, according to the Vault 7 document dump by Wikileaks.
It’s a confirmation of a long-standing assumption that intelligence agencies intercept data after it is typed on a keyboard but before the messaging software can encrypt it.
“The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone,” Wikileaks reported. “…These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
This is akin to having a burglar already inside your house who steals your valuables before you can lock them in a safe.
To sum it up, the effectiveness of these secure apps is undermined by the CIA-created vulnerabilities on affected phones.
These vulnerabilities include “zero day” exploits, so named because the security hole is exploited before the community is aware of it, that is, on “day zero.”
“Zero day” vulnerabilities can exist naturally in buggy software; typically they can exist anywhere from three months to nearly three years before being recognized as a security threat.
“The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware,” Wikileaks also reported. “This includes multiple local and remote weaponized ‘zero days,’ air gap jumping viruses such as ‘Hammer Drill’ which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas (‘Brutal Kangaroo’) and to keep its malware infestations going.”
“Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as ‘Assassin’ and ‘Medusa.’”