SAN FRANCISCO — The ability of the CIA to hack into Apple products was one of the more noteworthy revelations made Tuesday, amid a trove of documents released by WikiLeaks purporting to reveal the cyber tools used by the US intelligence agency. But on Tuesday night, Apple released a statement claiming that, as far as they knew, they had patched, or fixed, the bugs allegedly used by the CIA to hack into their products.
"Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates," read the Apple statement.
The CIA can also compromise smartphones that run Google's Android operating stem, WikiLeaks claims. Heather Adkins, Google's director of information security and privacy, told BuzzFeed News in a statement Wednesday evening that security remains a top priority at the company. "As we’ve reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities," she said. "Our analysis is ongoing and we will implement any further necessary protections."
The WikiLeaks documents also described a CIA program that uses Samsung TVs as secret microphones. On Wednesday, Samsung told BuzzFeed News in a statement: "Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."
The WikiLeaks documents claimed that the CIA had exploits that could work on iPhones, which have widely been seen as a more secure choice than Android. The details of how those exploits work, however, were not included in the documents, likely making it difficult for Apple to conclude with absolute certainty whether it had patched all the bugs within their system the CIA had used to potentially infiltrate the phone.
Those bugs, or exploits, are commonly referred to as "zero days," a name given to bugs or other issues with a piece of technology that the original manufacturer doesn’t know about yet. Zero days are essentially problems within a machine or system that the manufacturer has had zero days to fix, so whether within an app on an iPhone or Microsoft Word, hackers can use it to break in.
In their release, WikiLeaks wrote, “‘Year Zero’ introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Contact Sheera Frenkel at Sheera.Frenkel@buzzfeed.com.
Hamza Shaban is a technology policy reporter for BuzzFeed News and is based in Washington, D.C.
Contact Hamza Shaban at Hamza.Shaban@buzzfeed.com.
Got a confidential tip? Submit it here.