Tech majors like Apple and Samsung, which have been the subject of scrutiny following the latest WikiLeaks exposé on hacking by the CIA, have responded to claims that their operating systems could be open to vulnerabilities.
In a statement, Apple claimed the “issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities”. It said the technology built into the iPhone is the best data security available to consumers and Apple is “constantly working to keep it that way”.
“Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 per cent of users running the latest version of our operating system,” the statement added.
Apple’s full statement reads:
“Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
Samsung, whose F8000 series smart televisions found specific mention in the leaks, said protecting consumers’ privacy and the security of its devices is a top priority. “We are aware of the report in question and are urgently looking into the matter,” the statement added.
The leaks claimed the CIA had worked with British intelligence agencies to create a ‘Fake Off’ mode for the smart televisions which could be used to spy on the users.
Microsoft, meanwhile, said they were aware of the report and were looking into it. On reports that the CIA had created “attack and control systems” for Linux-based software, The Linux Foundation CTO Nicko van Someren told the BBC that given the popularity of the platform it was not surprising that state agencies from many countries would target it.
He claimed “rapid release cycles” have helped the open source community to fix vulnerabilities and release the fixes faster to end users. Google, though the worst hit given the popularity of its Android operating system and the CIA’s special interest in it, has so far declined to comment on the case.
Telegram, another of the messaging apps mentioned in the CIA WikiLeaks dump, has also issued a statement on these ‘zero-day vulnerabilities’ and said that the issue doesn’t apply to their individual app, but rather to the smartphone software itself. As we’ve pointed out in a separate article, encryption of the app doesn’t ensure data security if the device is compromised at a root kernel level, which appears to be the case with the CIA hacking tools.
Telegram’s statement reads, “To put “Year Zero” into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there’s little your engineers can do. So in the case of “Year Zero”, it doesn’t matter which messenger you use. No app can stop your keyboard from knowing what keys you press. No app can hide what shows up on your screen from the system. And none of this is an issue of the app.”
While Telegram has faced criticism in the past over its security claims, it does have a point when it says the issue is not about the app, but rather the OS itself. Telegram goes on to say in its post that device and OS manufacturers, like Apple, Google, or Samsung, need to fix the problems.
“It applies to devices and operating systems and will require security updates from their respective manufacturers to mitigate the threats. Naming any particular app in this context is misleading.”
Meanwhile, another messaging app called Signal has also found mention in the leaks. Signal, which uses the Open Whisper System protocol for encryption (incidentally, this same protocol is used by WhatsApp, and by Facebook Messenger in its ‘Secret Conversations’), has also pointed out the app was not compromised.
The app creator Moxie Marlinspike told New York Magazine, “End-to-end encryption has pushed intelligence agencies away from undetected and unfettered mass surveillance to where they have to use high-risk and targeted attacks.”
Internet privacy organisation World Wide Web Foundation’s policy director Craig Fagan was quoted by the BBC as saying that the US government needed to issue a detailed response. He said while governments should be safeguarding the digital privacy and security of their citizens, the leaks suggest the CIA was doing just the opposite.