Josephine Wolff | Quartz | March 9, 2017

All Smartphone Users Should Take Away These Two Lessons From CIA Wikileaks Files

This week, WikiLeaks released “Vault 7,” a roughly 8,000-page document purporting to detail surveillance tools and tactics of the CIA. The leak appears to outline a wide variety of vulnerabilities in smartphones and other devices, which the CIA uses to intercept communications and eavesdrop on its targets. Here’s what the average smartphone user needs to know.

You shouldn’t stop using encryption services

The leaked documents suggested the CIA can bypass the security measures of encrypted messaging apps such as WhatsApp—but that doesn’t mean you should stop using them. This point has gotten a bit confused in the aftermath of the leaks. WikiLeaks itself tweeted the leak “confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption.”

This language about encrypted messaging apps was picked up in other places, including The New York Times, which wrote the vulnerabilities detailed in the leaks allow CIA officers “to bypass the encryption on popular services such as Signal, WhatsApp and Telegram.”

But as other outlets quickly pointed out, that message is very misleading for the typical smartphone user. The leaked documents don’t in any way indicate the CIA has identified vulnerabilities in any of these apps. Rather, the CIA has identified vulnerabilities in the smartphone technology these apps run on, not the apps themselves.

This distinction matters. To misreport the leaks means people might come away thinking they shouldn’t bother using encryption services—and it also wrongly puts the responsibility for addressing these vulnerabilities on the app companies, rather than the phone developers.

That said, it’s always good to be reminded encryption is not, by any means, a panacea when it comes to online security. Any encryption service you use almost certainly provides you with access to the decrypted contents of messages you send and receive. If you and your friends can view those messages on your phones, then you should take for granted that someone else can, too, so long as they have access to your device.

But that doesn’t mean encryption is useless. On the contrary, encryption services force people who want to spy on your communications to compromise devices rather than just intercepting online traffic. Adding that extra hurdle is worthwhile, even if it won’t deter the most determined and well-resourced spies (for instance, the CIA).

Smart devices can easily be used to spy on you

The other important lesson from the Vault 7 leaks is we should all be wary of how easily our internet-connected “smart” devices can be used to spy on us. The documents include details about exploits used to target Samsung smart TVs and turn them into listening devices, even when they seem to be turned off. Internet-enabled electronics, especially smartphones and personal computers, are inevitably going to be present in just about every home these days—but intelligence agencies’ abilities to turn these devices into remote eavesdropping tools should make people think seriously before adding new ones.

Is the value you get from having smart televisions, speakers, or security cameras worth the worry about how these devices may be compromised and used against you? (Even if you’re not worried about the CIA coming after you, it should go without saying that anything they can do can be done just as easily by any number of others, inside and outside the government.)

You’re probably not going to let your household fall off the grid entirely. But even if all you do is restrict yourself to laptops and smartphones as the only connected devices in your home, you’ll still raise the bar for your personal security. Those devices are often designed by tech companies with deep expertise in computer security, as opposed to other devices manufactured by companies that are relatively new to the security challenges their smart products may present.

So here’s the upshot from the CIA leaks: Keep using WhatsApp and Signal, ditch the smart TV, and remember no matter how hard you try, you probably can’t protect yourself fully against the formidable surveillance powers of the U.S. intelligence community.
