The files haven’t been verified by either the CIA or independent security experts as authentic, and experts say there is nothing new there that should alarm the public. But with so many devices in our home, workplace and pockets constantly online, the release is a reminder of the importance of online security—and the value of keeping devices up-to-date.
“The methods alleged by WikiLeaks are serious vulnerabilities, but they’re also nothing we haven’t seen from the CIA and WikiLeaks before,” said Matthew Green, a professor of cryptography at Johns Hopkins University.
When high-profile vulnerabilities are released, companies usually respond and roll out software patches quickly, said Mr. Green, pointing to a potential upside.
“Where things get scary is the day or two or week that it takes for a company to come up with a security update,” he said. He also worries about those who don’t—or can’t—update devices, “the people who have older devices that never get software updates, or newer devices that get software updates months after they’re released, as is the case with most new Android phones.”
WSJ Personal Tech columnist Geoffrey A. Fowler wrote a simple guide on how to avoid being hacker bait and reminds people, if you’re not following these tips, you’re leaving yourself vulnerable.
Fortunately, experts had immediate answers to some of the most pressing questions surrounding the WikiLeaks release:
Can my phone, computer and TV be hacked remotely?
No. The described exploits apply to circumstances where spies would have the targeted smartphone, computer or other internet-connected device in their physical possession, said Kenneth White, a security researcher and director of the Open Crypto Audit Project, a nonprofit that promotes cybersecurity.
And even hacking one device would require significant resources, he said. “These aren’t mass-surveillance practices.”
Can secure messaging apps such as WhatsApp and Signal be hacked?
No. WhatsApp and Signal use end-to-end encryption, which means messages remain encrypted as they move from sender to recipient. Any data intercepted from a conversation would be gibberish. Even the companies operating WhatsApp and Signal couldn’t read messages on the services.
Nothing in the WikiLeaks release showed that WhatsApp or Signal’s end-to-end encryption technology was compromised. If the phone’s operating system is hacked, however—something the leak alleged was possible—a spy could see what was being typed as messages were being written, Mr. White said. “If you can’t break into an app, break into the OS.”
Mr. Green concurred. “WhatsApp and Signal are the most secure messaging apps anyone can use and nothing from what we’ve seen from WikiLeaks changes that,” Mr. Green said.
What can I do to keep my phone, tablet and computer secure?
Update your software and install security patches as soon as you are able. Steer clear of unauthorized app stores, which can be home to malware. Use a password manager such as Dashlane or LastPass. Turn on two-factor authentication. And use end-to-end encryption wherever available.
Another tip: Buy a new router. “Old routers are easy to hack into and all the data that’s sent by your devices passes through those routers,” Mr. Green said. Newer routers automatically keep up-to-date.
What can I do to secure my TV and set-top box?
Update their system software and turn on automatic updates, if possible. TVs and set-top boxes are security risks because they are more primitive than phones, tablets and computers. “The sort of security found on an iPhone isn’t found on TVs and set-top boxes,” Mr. White said.
They also tend to be designed to collect usage data. “TV makers, cable companies and internet service providers all make a good chunk of revenue from selling highly detailed demographic data,” he said.
In many cases, you can opt out of the data collection, if you dig into the menu of your TV or set-top box—assuming you know it is happening. Vizio Inc. recently paid $2.2 million to settle a Federal Trade Commission lawsuit for collecting and selling such data without asking TV owners for permission.
“Many TVs have built-in mics and with low levels of security, your TV can be hijacked to listen to you. It’s been a problem for a couple years now,” said Mr. Green, who didn’t offer any remedy.
Would turning off my devices make a difference?
If a device—be it a phone, internet-connected fridge or voice-controlled streaming speaker—can connect to the internet, it is likely sending data over the internet, even when the device appears to be turned off, Mr. Green said.
“‘Off’ doesn’t mean much these days. It means your screen isn’t going to display anything, it’s dark,” he said. You can always unplug your TV when you’re not watching it, but that strategy probably won’t work with your refrigerator.
/WSJ/