Documents published on Tuesday by WikiLeaks claim to be evidence that the “CIA lost control of the majority of its hacking arsenal.”
According to the WikiLeaks files, it appears that the CIA has teams specifically dedicated to breaking into Apple products, including iOS, the software that runs on iPhones and iPads, and even Apple’s line of routers, AirPort.
The WikiLeaks files suggest that the CIA may have access to undiscovered and unreported bugs, or exploits, in iOS, the iPhone operating system.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” Apple said in a statement.
Here’s Apple’s complete statement on the WikiLeaks files:
“Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
There is also evidence in the 7,818 web pages and attached files that the CIA has tools to gain unauthorized access to Android devices, smart TVs, and other computers.
‘Nothing interesting or new’ about the published exploits
Will Strafach, a security professional with extensive experience with iOS exploits and CEO of Sudo Security Group, cast doubt about the “leaked iOS stuff from CIA” on Twitter, saying that there appeared to be “nothing interesting or new.”
“So far, there is zero cause for concern,” Strafach told Business Insider. “They definitely have vulnerability research (looks very similar to my own company’s internal wiki), but nothing which should be if any concern to a user on the latest iOS.”
Apple regularly fixes the kind of bugs and potential exploits that the CIA purportedly developed and bought. For maximum security, you should update to the latest version of iOS on your iPhone or iPad in Settings > General > Software Update.
In a statement accompanying the document release, Wikileaks claimed that there was a group inside the CIA specifically dedicated to hacking iPhones and iPads. Wikileaks wrote:
Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data fromiPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includesnumerous local and remote “zero days”developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
WikiLeaks says that the files it published, purportedly from the CIA Center for Cyber Intelligence, has had parts removed before publication, specifically any code that could be used as a “cyberweapon” as well as some identifying information about CIA targets.
CIA spokesman Dean Boyd did not reply to a request for comment, but told the New York Times: “We do not comment on the authenticity or content of purported intelligence documents.”