Apple Tackling Security Holes in Response to CIA Leak Claims
By Alex Hern
Published: March 8, 2017
Apple has promised to "rapidly address" any security holes used by the CIA to hack iPhones, following the release of a huge tranche of documents covering the intelligence agency’s stockpile of software vulnerabilities.

The leak, dubbed "Vault 7" by its publisher WikiLeaks, is made up of a collection of around 10,000 individual documents created between 2014 and 2016. A spokesman for the CIA said it would not comment "on the authenticity or content of purported intelligence documents" and Trump administration spokesman Sean Spicer also declined comment.

Apple, one of numerous tech companies whose devices appear to have been targeted, released a statement late on Tuesday saying many of the vulnerabilities described by the documents were already fixed as of the latest version of its iOS mobile operating system, and aimed to reassure customers that it was working on patching the rest of the holes.

"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities," it said. "We always urge customers to download the latest iOS to make sure they have the most recent security updates."

Other companies mentioned in the leaks, including Microsoft and Samsung, gave briefer statements. "We are aware of the report and are looking into it," Microsoft said.

Samsung said: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

Google has yet to comment on the leaks, which contain a sizeable amount of information on how to target its Android operating system.

While Apple has tried to reassure customers that "many" of the vulnerabilities mentioned in the document have now been fixed, the leak itself represents just a snapshot in time of the CIA's capabilities, which may have developed further since the documents were created.

One page of the leak, which focuses on iOS exploits, shows the most recent version of iOS as 9.2. That version was released in December 2015, implying that the iOS-specific document was created between 8 December that year and 15 January 2016, when iOS 9.2.1 was made available.

That page shows some exploits, such as one named "Nandao" and apparently discovered by Britain's GCHQ, which were unknown outside the intelligence community at the time the document was created. Such an exploit is known as a "zero-day" vulnerability, for the number of days the manufacturer has had to fix the problem.

It takes many separate vulnerabilities to craft a full malware kit that can be used to remotely take control of a smartphone. The WikiLeaks document lists six separate vulnerabilities required to remotely exploit an iPhone running iOS 9.2, with codenames like Saline, MiniMe and Juggernaut, and a manufacturer fixing any one of those holes can weaken an attacker's capabilities.

The requirement to keep such zero-day exploits secret from the manufacturer, lest they be fixed, also explains why they are unlikely to be used for anything other than targeted surveillance, security experts say. In August 2016, for instance, Apple issued a global iOS update after three zero-day attacks were found being used to try and break into the iPhone of an Arab human rights activist.

The quantity of exploits referred to in the Vault 7 leak has also drawn fresh criticism of the CIA and other intelligence agencies' practice of purchasing or otherwise discovering security flaws in popular hardware and software, and failing to disclose the flaws to the manufacturers.

"Here's the big deal," tweeted Edward Snowden, the source of a previous huge leak of NSA hacking capabilities: "First public evidence USG [US government] secretly paying to keep US software unsafe. The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words."

Publicly, the US government has insisted that it doesn't stockpile such exploits, instead reporting "the greatest numbers of vulnerabilities" it finds, rather than keeping them secret. But it has always maintained the right to keep particularly critical vulnerabilities secret if they have "a clear national security or law enforcement" use.

© 2017 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.