WikiLeaks Exposes CIA, Reveals Vulnerabilities in Many Gadgets(specially Android)

[JeffDunhill]

I am just copying the important chunks from this article

The recent leaks reveal how, for years, CIA was busy hacking into many consumer electronics devices, including Wi-Fi routers, Samsung Smart TVs, iPhones and Android-powered devices.

According to the documents, the agency employed specialized tools to exploit the security vulnerabilities in these devices and recorded videos, audio conversations, text messages, or anything that could help them keep tabs on the owners of those devices.

According to WikiLeaks, many malwares and hacking tools were developed by EDG (Engineering Development Group), one of CIA’s own software development group, while some tools and applications were acquired from other government agencies or third-party dealers.

The CIA dubbed these third-parties as their partners, and used codenames like SurfsUp, Peppermint, Anglerfish and Fangtooth.

Forbes reported that these vulnerabilities are worth a lot in the market, i.e., over $1 million for every bug.

Severity of the leaks:  The malware created by CIA for hacking into users’ personal gadgets are so effective that they can safely bypass even the most popular security programs.

 

Amongst Different OSs, Android Attracted the Most Exploits

The popular Smartphone Operating System, Android, enjoys a major market share in the Smartphone industry. Perhaps, that’s what makes it one of the important targets for the Central Intelligence Agency.

Amongst the many exploits reported by WikiLeaks, a good chunk of those exploits were especially developed to break into Android devices and applications.

• Chronos, purchased from Anglerish, exploits the security weaknesses of Android devices that are running on 4.0
• Dugrito, another tool by Anglerfish, is a remote access exploit that hits devices running 4.0 – 4.1.2
• Flamekimmer, a tool by SurfsUp, hits devices that use Broadcom Wi-fi chipsets, running OS 4.4.4
• RCE bugs, by Anglerfish, Fangtooth, NSA and GCHQ, are remote access exploits that can be used for hacking into any device from anywhere
• Dragonfly, currently no information available except that it is a RCE bug for Android security exploits
• Sulfur, by Fangtooth, one of the most critical exploits that hits the kernel files of Android, leaking information remotely
• RoidRage, another tool that allows hackers to have remote access of the hacked device

At first, WikiLeaks provided detailed information on these Android exploits by CIA but it later redacted the pages to prevent the actual codes from getting into the wrong hands.

 

[solitario]

CIA is my friend

[JeffDunhill]

Lol! Then you won't have any trouble sharing your activities with them

[banned]

Tell me how unsafe Windows XP is then I will tell you about Android

 

But seriously, what a horror show Android has been. It's like someone decided to make a new OS without having learned anything from the security mistakes of the past.