Are your smart devices spying on you?

By: Mark Ellis

Date: 15 March 2017

Are smart devices spying on you?

It's the stuff of sci-fi nightmares. A recent report by whistleblowing website, WikiLeaks, has revealed internal documents from the US Central Intelligence Agency (CIA) that suggest spies are now capable of using smart TVs and smartphones as devices for covert surveillance.

Code-named 'Vault 7', the document haul contains detailed information on apps that are laced with malware (a form of malicious software that is capable of disrupting or gaining access to computer hardware) and which can be deployed on various devices in order to steal information about the user.

The CIA has since been heavily criticised for seemingly stockpiling vulnerabilities within apps, rather than working with software vendors to patch them. By weaponising popular software, experts say, the agency is simply putting more consumers at risk of infiltration by cyber criminals.

Which devices are allegedly hacked?

Vault 7 suggests that the CIA is able to access a number of devices for its surveillance needs, many of which you may use within your business or home. They include:

  • Samsung Smart TVs. Dubbed 'Weeping Angel', the CIA claims to be able to invoke a 'fake-off mode' on Samsung Smart TVs where the TV appears to be switched off but is in fact recording audio from the room in which it's placed.
  • iPhones and Android phones. Vault 7 refers to several 'zero day' exploits for the two most popular smartphone platforms on the market. Zero day refers to inherent bugs contained within devices and can usually be found in small glitches among the million lines of code.
  • Computers. Apple Macs, Windows PCs and Linux devices are also targeted by the CIA for use of zero day exploits and malware.
  • Connected cars. The leaked documents hint that the CIA is even researching how it might affect the smart technology contained within the new breed of internet-connected vehicles.

Should I be worried?

It's important to note that Wikileaks has thus far only published documents that detail targeted attacks - they don't include the source code used to conduct them. "If Wikileaks has the code behind these exploits, it has a responsibility not to publish that," security researcher Alan Woodward recently told the BBC. "To do so would expose the public to the very real danger of criminals reusing those exploits still working. These were kept in a controlled environment for a reason."

Infamous whistleblower Edward Snowden is rather more critical of the CIA's tactics, having taken to Twitter following the leaks to say, "Imagine a world where the actual CIA spends its time figuring out how to spy on you through your TV. That's today".

Snowden's comments aren't particularly reassuring, but the fact remains that the infected apps must be physically installed on devices in order for outside sources to use them for spying purposes. Therefore, if news of infected televisions has prompted you to immediately kill the power to your smart TV, you can rest safe in the knowledge that a hacker would need physical access to it to install the malware.

Wrapping up: are smart devices safe?

The tech devices we use in our homes and businesses are becoming increasingly smart. Many, such as the Amazon Echo, are constantly listening for user input, which has led people to question exactly how much of our every day conversations they - or, more accurately, the people behind them - are snooping on.

As unlikely as it is that companies such as Amazon are listening intently to the contents of your office meetings, it still pays to be vigilant. Ransomware attacks (where hackers encrypt your data so that you can't access it or threaten to publish your data) are perilous for businesses. One in three infected organisations have paid hackers to get their data back, so it's vital you take the necessary precautions as a small business owner.

There are four things you should do immediately to keep your data safe from prying eyes:

  1. Ensure all smart devices always have the latest operating software installed. Check for updates regularly if they're not automatically turned on.
  2. Never install software or apps from unrecognised vendors.
  3. Ensure all software and apps are up to date.
  4. Make sure you keep your anti-virus software constantly up to date.

So, are smart devices safe? Yes - providing you follow the rules above. Remember - Vault 7 only points to tools that require physical access to your devices. If they remain in your possession and fully updated, cyber criminals won't be able to listen in.