Apple, Cisco, Microsoft and Samsung react to CIA targeting their products

From the trove of CIA documents dumped by WikiLeaks, we’ve heard a lot about attacks the agency could pull off against TVs and smartphones. Some of companies with targeted products have issued their initial responses.

October 2014 notes discuss the CIA’s Embedded Devices Branch (EDB) and what it should target. For the “really non-technical,” the CIA would define “embedded systems” as “The Things in the Internet of Things.” But the fact that the CIA intended to exploit IoT should not surprise anyone, considering that in 2012, then-CIA Director David Petraeus said the CIA “cannot wait to spy on you” through your smart internet-connected devices.

The EDB notes also mention firmware targets, vehicle systems, network devices, software targets, Linux/Unix, ICS/SCADA, EFI, BSD, Solaris, VxWorks, QNX, implants, network and persistence.

Other documents suggest the CIA has tools to target smart TVs, smartphones, routers and much more. If all of this is true, it is just the beginning, as WikiLeaks said it “has released less than 1% of its Vault7 series in its part one publication yesterday ‘Year Zero’.”

Apple was quick to say it had patched most of the exploits the CIA used against Apple devices.

Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.

Microsoft had a terse response in regard to allegations that CIA malware targets Windows PCs: “We are aware of the report and are looking into it.” But even that was more than Google or the Linux Foundation would say even though the Vault 7 files suggest the CIA can “attack and control” Linux systems and “penetrate, infect and control” Android devices.

As for Samsung and claims the CIA can compromise the company’s smart TVs, Samsung said, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter.”

Cisco, which is waiting for more details to be disclosed, determined the following from first Vault 7 disclosure of 8,700 documents:

• Malware exists that seems to target different types and families of Cisco devices, including multiple router and switches families.
• The malware, once installed on a Cisco device, seems to provide a range of capabilities: data collection, data exfiltration, command execution with administrative privileges (and without any logging of such commands ever been executed), HTML traffic redirection, manipulation and modification (insertion of HTML code on web pages), DNS poisoning, covert tunneling and others.
• The authors have spent a significant amount of time making sure the tools, once installed, attempt to remain hidden from detection and forensic analysis on the device itself.
• It would also seem the malware author spends a significant amount of resources on quality assurance testing – in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.

Cisco’s Product Security Incident Response Team will analyze further disclosures and possible malware released by WikiLeaks and then fix whatever needs fixing.