Earlier today, WikiLeaks unleashed a trove of what it claims are thousands of pages of CIA documents containing details on the intelligence agency’s abilities to breach a variety of consumer products to collect data and spy on people.
It’s important to note that, according to the CIA, the agency is “specifically prohibited from collecting foreign intelligence concerning the domestic activities of US citizens.”
Even so, privacy and data security concerns are top of mind for consumers these days. In a recent nationally representative CR Consumer Voices Survey, 65 percent of respondents told us they are either slightly or not at all confident that their personal data is private and not distributed without their knowledge.
While everyone is still going through the process of reading and trying to understand these files, here is a look at some of the most significant allegations made by WikiLeaks.
1. “Weeping Angel” Turns Your TV Into A Bug
According to WikiLeaks, these newly released documents shine a light on the CIA’s Engineering Development Group, which allegedly produces hacking tools and malware for the agency to use for covertly obtaining information.
The documents leaked include details on a project dubbed “Weeping Angel,” which appears to be able to turn your TV into a listening device.
The TV’s user may believe their television is turned off, but the documents reference the ability to impose a “fake-off” state where the TV appears to be powered down but it continues to listen.
2. Remotely Hacking Wireless Devices
The documents also provide details on alleged projects by the CIA’s Mobile Devices Branch intended to allow the agency to remotely access and control a number of smartphones, including the devices’ cameras and microphones.
WikiLeaks claims that the CIA could collect sensitive information — audio, text messages, location — from hacked phones. (MDB) developed numerous attacks to remotely hack and control popular smart phones.
The documents, if authentic, indicate that the agency has developed exploits for Apple iOS products like the iPhone and iPad and for the more popular Android-based devices.
According to WikiLeaks, the exploits used by the CIA could allow the agency to bypass encryption, on messaging services like WhatsApp and Signal, where communications are fully encrypted while in transit.
3. Making Use Of Malware
While most people associate malware with criminal attempts to steal identities or scam people out of their money, WikiLeaks claims the CIA has developed malicious software to gather intelligence.
The documents reference viruses like HammerDrill, which can apparently be used to attack secure computers that have been air-gapped (i.e., are not connected to any network).
4. Thinking Ahead
The leaked documents also include what appears to be a wish-list of sorts for the Engineering Development Group.
Under the heading of “Potential Mission Areas” for the group are items including: “Vehicle Systems,” appearing to indicate an interest in hacking automobiles; “Firmware Targets”; and “Linux/Unix,” referencing the popular operating systems.
What We’re Doing
“Today’s reports about the alleged vulnerabilities of consumer devices are cause for serious concern, and CR will be monitoring developments, asking questions, and listening to and communicating with consumers to ensure that their voices are being raised as this story unfolds,” says Marta L. Tellado, President & CEO of Consumer Reports, the parent company of Consumerist. Just yesterday, CR announced a new initiative to advance the privacy and data security of consumers in the face of digital vulnerabilities—including those presented by connected products such as phones and televisions.
“Today’s news underscores the urgent need for strong privacy protections in the digital marketplace, and CR will work tirelessly to advance the rights of consumers to safeguard themselves from intrusion and abuse, whatever its source,” Tellado says.
Editor's Note: This article originally appeared on Consumerist.