WikiLeak’s trove of CIA cyber documents is being hyped as one of the biggest leaks since Edward Snowden blew the whistle on the NSA. But according to one of the world’s top jailbreakers, you shouldn’t believe the hype.
Cyber security expert Will Strafach, who gained notoriety under the name Chronic for finding zero-day exploits used for jailbreaking, says iOS users don’t need to be worried.
“I do not believe any iOS user running iOS 10+ has any cause for concern by this,” Strafach told Cult of Mac in an email after we asked for his expert opinion on Tuesday’s big CIA leak.
Other security analysts like Nicholas Weaver, a researcher who leads network security efforts at the University of California, Berkeley, echoed similar thoughts on the leaks. Weaver said they’re interesting but not surprising.
The timing of the leaks might be helpful to the Trump administration, which has been facing increasing scrutiny for its connections to Russia in recent days. Before last November’s presidential election, Wikileaks published a trove of emails from the Democratic National Committee. The U.S. intelligence community said the Kremlin passed the documents to WikiLeaks to help tip the election in Donald Trump’s favor. It should also be noted that the people behind WikiLeaks are not necessarily experts on iOS, Android and Windows security. Some or many of the claims made in WikiLeaks’ press release accompanying the massive document dump could be inaccurate.
No, Signal and other encrypted apps haven’t been cracked
Some internet users began to worry when news of the leaked documents first arrived because several new stories claimed that secure apps like Signal, WhatsApp, Telegram, Weibo, Confide and Cloakman had been hacked. In fact, the encryption on the apps appears not to have been compromised, but the CIA may be able to extract texts and voice data from devices by hacking the underlying OS on the device itself.
“WikiLeaks’ claim of bypassing encryption of Signal (and others) is phrased very misleadingly,” Strafach told Cult of Mac. “If someone is specifically targeted and their phone is running an older version and thus vulnerable to exploitation, no ‘secure’ apps can protect you because the OS itself is compromised (so that of course includes Signal and such).”
Strafach said the CIA’s wiki pages and notes look very similar to the way the Chronic Dev Team put its research together when working on iPhone jailbreaks. This suggested to him that the CIA’s iOS hacking team runs more like a small internal jailbreaking team, rather than the National Security Administration’s Tailored Access Operations group, which is more bureaucratic and utilizes advanced infrastructure.
“The way they have their infrastructure and wikis set up leads me to believe that this is a small team focused on experimentation and R&D efforts, not a huge operation with specific targets and mission,” Strafach said.
Looks more like an R&D effort
He also said it appears most of the software isn’t “production-ready” and seems to be largely “experimental.” He noted that much of it isn’t very “covert,” where the CIA would try to cover up its hacks.
“What is here would only be useful on a valuable intelligence target (such as a known terrorist) in which being noticed after the fact isn’t a concern, as long as they acquired the needed intelligence,” he said.
Strafach noted that these are his initial thoughts, and that future leaked documents could bring new revelations. WikiLeaks indicated that there is even more info to add to the more than 8,000 documents released today. But so far, the leaks don’t look really alarming for most iPhone users.
“My only initial goal at the moment has been trying to clearly figure out if average iOS users should be concerned about a malicious party using the released content to hack their device, and the answer is ‘No’ it seems,” Strafach said. “That said, WikiLeaks indicates there is more to release, so no idea what may be in upcoming content.”
We will update with any further details.