(Vault7 is the name given to the set of documents revealed by WikiLeaks that reveals the hacking techniques used by the CIA to secretly access widely used technology.)
The electronics industry is now on notice that it has to check out its products to see if they’ve been compromised, Manners writes.
“Vault7 is a Red Flag,” Peter Dakin, Director of Digital Technology at Metropolis, tells Electronics Weekly, “it gives everyone who makes hardware and software the opportunity to take a look at their whole supply chain – especially the chip people.”
Cisco seem to be leading the way, taking advantage of the information to secure and improve their affected products.
“The release showed the holes in the software of the iPhone, Android, Cisco and many more – and now businesses can address these vulnerabilities,” says Mike Sirius, Head of Development at Metropolis Business Media, “Cisco, for its routers, were one of few to utilise this knowledge.”
As a news story it’s quite a difficult area to address, I feel. The range of topics is wide, the implications for the future are immense, and the size of the archive involved – the sheer volume of documents – is huge. And that’s not to mention any mixed feelings you may have about WikiLeaks as an organisation.
And how can you get can an independent handle on this, what trusted third-party can verify the truth of the technological claims. Universities, perhaps?
For example, can rogue cellphone towers really lead to your phone being controlled? Isn’t the network ‘dumb’ in this sense? A rogue link may be able to silently intercept your comms, but can it initiate a two-way process?…
So many questions. But what do you think? Leave a comment on the article:
One thing is for sure: we have to start taking notice.
“As a society, we’ve sleep-walked into this,” says Dakin.
Actually, another hook to mention this is that second tranche of documents in Vault7 has just been released, published on Thursday by WikiLeaks.
Firmware for Apple kit is covered in this release, apparently, with something called EFI moving into the spotlight (physical access to a device is required, note)
The documents show how the CIA’s spyware infects corners of a computer’s code that antivirus scanners and even most forensic tools often miss entirely. Known as EFI, it’s firmware that loads the computer’s operating system, and exists outside of its hard-disk storage.
“The EFI is what orchestrates the entire boot sequence. If you change something before that, you’re controlling everything,” says Karsten Nohl, the founder of Security Research Labs and a well-known firmware hacker. “It becomes part of your computer. There’s no way of knowing that it’s there, and also hardly any way to get rid of it.”