Tim Cook speaks during the keynote address during the 2013 Apple Worldwide Developers Conference. Apple and other big consumer tech companies face allegations from a WikiLeaks data dump of alleged government documents that the CIA was able to hack iOS and other operating systems.(Photo: Kimberly White Getty Images)
SAN FRANCISCO — The tech industry just can't shake the ghost of Edward Snowden.
Nearly a year after a unified front of companies fought the FBI's attempt to hack the encrypted iPhone of a terrorist, the biggest consumer tech names (Apple, Samsung, Google, Microsoft) are facing a deep and multi-fronted new series of allegations that federal authorities can override their best efforts at security.
Thousands of documents published by WikiLeaks Tuesday describe an arsenal of CIA hacking tools that can turn iPhone and Android smartphones, TVs, computers and other coveted consumer products into "covert microphones."
The data trove threatens to reprise the public distrust of tech companies that hit a peak when ex-federal contractor Snowden revealed NSA spying and collaboration between the government and Internet and phone companies used by millions. Waving the flag of consumer privacy, tech companies have been trying to repair the brand damage since.
From the archives:
On Tuesday CIA issued a statement declining comment on the "purported" documents. USA TODAY has not yet been able to confirm the authenticity of the documents nor seen anything in them thus far to indicate the tools were used in the U.S.
Silicon Valley initially responded with resounding silence to the latest WikiLeaks bombshell.
Apple, Microsoft, Google and WhatsApp (owned by Facebook) on Monday said they were looking into the matter. Signal did not respond to an email message for comment on the report.
Late Tuesday, Apple said its initial analysis "indicates that many of the issues leaked today were already patched in the latest iOS (but) we will continue work to rapidly address any identified vulnerabilities."
On Wednesday, Samsung weighed in. "Protecting consumers’ privacy and the security of our devices is a top priority at Samsung," it said. "We are aware of the report in question and are urgently looking into the matter."
Late Wednesday, Heather Adkins, director of information security and privacy, issued a statement: "As we’ve reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We've always made security a top priority and we continue to invest in our defenses."
If true, the blockbuster disclosures not only will rock the tech world but could foster widespread paranoia among consumers that their most prized digital devices could be spying devices, casting doubt on their security and the companies that design and build them, say cybersecurity experts.
"Everybody should have been worried before, but this is reason to worry more," says Phil Reitinger, CEO of the Global Cyber Alliance and a former director of the National Cyber Security Center. "There is a soaring risk for attack that this feeds into."
Among WikiLeaks' allegations in its release, dubbed 'Vault 7':
— Developers created programs in homage to popular culture, including RickyBobby, an “implant” to computers running Microsoft Windows referencing the 2006 Will Farrell movie Talladega Nights. Another program, called a trojan, was dubbed Fight Club. Spread via thumb drives, it referenced the 1996 novel and 1999 movie with Brad Pitt.
— Hackers have lists of targeted information like: geolocation data, user identification information, counter-intelligence, pattern of life, return information and general machine information.
— A specialized unit in the CIA's Mobile Development Branch "produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads."
— Government hackers were able to infiltrate Android phones and collect “audio and message traffic before encryption is applied,” WikiLeaks said in a statement.
— Some of the hacks can be deployed via games like 2048, a single-player sliding block puzzle game, or Sudoko. Others deploy from communication programs like Skype or virus-prevention programs such as McAfee.
— Encrypted messaging tools for popular phone and messaging services, including WhatsApp, Telegram and Signal, were bypassed, according to a New York Times report.
— Some of the WikiLeaks documents describe tests of hacksdesigned to infiltrate network routers, the computers that are responsible for directing traffic on the internet.
For Silicon Valley, the disclosure is the latest example of a government agency posing a serious threat to global trust in their products, , says Richard Henderson, global security strategist at cybersecurity firm Absolute Software.
"This takes the topic to a deeper level," Henderson says.
What Snowden started jolted the market into accepting that “we are more vulnerable than we thought we were,” adds Casey Ellis, CEO of security company Bugcrowd. "The 'Vault 7’ disclosures are simply taking us deeper down the rabbit-hole of how, why, and where."
Contributing: Nick Penzenstadler, Elizabeth Weise and Brad Heath