WikiLeaks released thousands of documents on Tuesday that it claimed described software tools used by the CIA to hack into smartphones, computers and Internet-connected televisions.
What do you do if all your devices are open to hacking? Android and iOS phones and watches, Bluetooth, WiFi, “Smart” TVs, laptops, tablets, GPS, car stereo, computers, Alexa and Google Home, home alarm systems – in other words, everything?
There are three solutions.
Find a way to put security on the device or devices so malware can’t affect them. This solution sounds good, but it is impossible. Consider the webcam on your PC or laptop. How can you protect it from being turned on without your permission and without you knowing it? You can put a cover over the webcam, which is about the only thing that will defeat the camera. But you have to remember to keep it covered. And even if you do, the microphone is still going to work, since the microphone in laptops is not co-located with the camera. And even if you cover your camera on a PC, the microphone is sensitive enough to hear everything you have to say. Is there a software solution, like a hard switch? There should be, but you won’t find one on the market. Wonder why?
The truth is that attempts to make devices secure ranges from hard to impossible. It is impossible because hardware producers don’t really care much about security.
Consider surveillance cameras. Today’s surveillance cameras run on WiFi and are connected to the Internet. Security? There isn’t any. So when the government surrounds its most sensitive diplomatic sites with cameras, as they did in Afghanistan, not only did they buy WiFi based cameras that run openly on the Internet, but they bought them from a Chinese-owned company on a sole source contract without caring one whit about security. Hooray for the State Department. Keep up the good work and they will all be dead someday.
Turn off all devices. This sounds like a good solution except it is not. In fact, it is much worse than moving your devices away from where you are because a turned off device is not safe. There is malware produced by the NSA and CIA that provides a false off setting, so what you think is off is still running. Thus a smartphone, for example, will still be on in a limited manner so that the microphone is working recording all conversations, which it can either store and send later, or live stream.
The same is true for your TV. Wikileaks, in a big expose of the CIA says that the CIA developed a malware with a fake off for Samsung smart TVs in cooperation with MI5.BTSS. So the TV speaker is transformed into an ultrasensitive microphone that is always on, hearing everything and pushing it along the Internet back to Big Brother. You can bet your boots that all the other spy operations in the world are exploiting TVs and other devices in a similar manner. So if there is a TV in the room, a good idea is to go to another room without a TV. And leave your smartphone with the receptionist.
Be an aggressive and persistent liar, or APL. An APL figures he or she is wiretapped so the idea is to provide a steady stream of false and misleading information.
An APL requires a lot of discipline and prior arrangement with his interlocutors. If he or she is a really good APL, the story telling and misdirection can be very sophisticated. But obviously it has to be credible, so it takes practice to reach the top levels of APL.
Terrorists have been known not so much to be APLs as to use substitute words and phrases to cloak what they really mean. For example, “We are going to meet tomorrow at Pine Cone where we will buy hamburgers” where Pine Cone could be a certain gun shop and hamburgers could be assault rifles. Substitute words require a phrase book and a lot of prior preparation. If the phrase book is discovered or compromised, the terrorist is likely to find himself or herself at the losing end of a Hellfire missile.
The biggest ongoing security problem is that people lack either the discipline or interest in following reasonable security procedures.
Don’t believe that? Then ask how Mike Pence, our Vice President, and Hillary Clinton were willing to use commercial email services that are easily hacked, or in Clinton’s case risky mobile phones. Many others join these ranks including Nicolas Sarkozy, the former French premier who thought he could cheat by using a false name on the phone account, or Angela Merkel, who found that her secure smartphones were all exposed to US spying, or John Kerry who persisted in using his iPhone, or at least that is what State Department folks told me. And there are many others, in fact way too many.
We may have reached the point that even where there are willing security-motivated participants the risks are so overwhelming that any semblance of maintaining privacy is impossible.
That raises not only issues of personal security but national security. Things are clearly out of hand.
Dr Stephen Bryen is the author of the new book, Technology Security and National Power: Winners and Losers (Transaction Publishers). Dr Bryen has 40 years of leadership in government and industry. He has served as a senior staff director of the US Senate Foreign Relations Committee, as the Deputy Under Secretary of Defense for Trade Security Policy, as the founder and first director of the Defense Technology Security Administration, as the president of Delta Tech Inc., as the President of Finmeccanica North America, and as a Commissioner of the US China Security Review Commission.