Josephine Wolff | Quartz | March 9, 2017 | 0 Comments

All Smartphone Users Should Take Away These Two Lessons From CIA Wikileaks Files

endermasali/Shutterstock.com

This week, WikiLeaks released “Vault 7″—a roughly 8,000-page document purporting to detail surveillance tools and tactics of the CIA. The leak appears to outline a wide variety of vulnerabilities in smartphones and other devices the CIA uses to intercept communications and eavesdrop on its targets. Here’s what the average smartphone user needs to know.

You shouldn’t stop using encryption services

The leaked documents suggested the CIA can bypass the security measures of encrypted messaging apps such as WhatsApp—but that doesn’t mean you should stop using them. This point has gotten a bit confused in the aftermath of the leaks. WikiLeaks itself tweeted the leak “confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption.”

This language about encrypted messaging apps was picked up in other places, including The New York Times, which wrote the vulnerabilities detailed in the leaks allow CIA officers “to bypass the encryption on popular services such as Signal, WhatsApp and Telegram.”

But as other outlets quickly pointed out, that message is very misleading for the typical smartphone user. The leaked documents don’t in any way indicate the CIA has identified vulnerabilities in any of these apps. Rather, the CIA has identified vulnerabilities in the smartphone technology these apps run on, not the apps themselves.

This distinction matters. To misreport the leaks means people might come away thinking they shouldn’t bother using encryption services—and it also wrongly puts the responsibility for addressing these vulnerabilities on the app companies, rather than the phone developers.

That said, it’s always good to be reminded encryption is not, by any means, a panacea when it comes to online security. Any encryption service you use almost certainly provides you with access to the decrypted contents of messages you send and receive. If you and your friends can view those messages on your phones, then you should take for granted that someone else can, too, so long as they have access to your device.

But that doesn’t mean encryption is useless. On the contrary, encryption services force people who want to spy on your communications to compromise devices rather than just intercepting online traffic. Adding that extra hurdle is worthwhile, even if it won’t deter the most determined and well-resourced spies (for instance, the CIA).

Smart devices can easily be used to spy on you

The other important lesson from the Vault 7 leaks is we should all be wary of how easily our internet-connected “smart” devices can be used to spy on us. The documents include details about exploits used to target Samsung smart TVs and turn them into listening devices, even when they seem to be turned off. Internet-enabled electronics, especially smartphones and personal computers, are inevitably going to be present in just about every home these days—but intelligence agencies’ abilities to turn these devices into remote eavesdropping tools should make people think seriously before adding new ones.

Is the value you get from having smart televisions, speakers, or security cameras worth the worry about how these devices may be compromised and used against you? (Even if you’re not worried about the CIA coming after you, it should go without saying anything they can do can be done just as easily by any number of others—inside and outside the government.)

You’re probably not going to let your household fall off the grid entirely. But even if all you do is restrict yourself to laptops and smartphones as the only connected devices in your home, you’ll still raise the bar for your personal security. Those devices are often designed by tech companies with deep expertise in computer security, as opposed to other devices manufactured by companies that are relatively new to the security challenges their smart products may present.

So here’s the upshot from the CIA leaks: Keep using WhatsApp and Signal, ditch the smart TV, and remember no matter how hard you try, you probably can’t protect yourself fully against the formidable surveillance powers of the U.S. intelligence community.

Comments
JOIN THE DISCUSSION

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.