Apple is urging users to update their iPhone devices immediately following the WikiLeaks revelation that the CIA are able to listen in on private conversations.
According to Apple, any devices that do not have the latest iOS update are at risk from the CIA’s secret hacking program as detailed in WikiLeaks’ Vault7 release on Tuesday.
The WikiLeaks release has sent shockwaves around the world after it emerged that the CIA installed malware on devices such as the iPhone, Android, Microsoft Windows, and Samsung Smart TVs.
The WikiLeaks document dump shined a light on CIA use of malware that can bypass encryption protection in a wide range of devices, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs.
In its accompanying press release, WikiLeaks explained: “a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.”
Apple suggested that the solution to protecting devices from any such hacks is to do what the company always stresses its customers to do: stay current with security updates.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” an Apple spokesman said in a statement. “We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
The spokesman noted that nearly 80 percent of Apple product users are running the latest version of their operating system.
Apple faced a legal battle last year when the FBI sought its help in breaking into the iPhone 5c used by terrorists in the San Bernardino, Calif., attack in 2015. The FBI ended up paying hackers figure out how to break into an Apple iPhone, but the hack was only applicable to the iPhone 5c and iOS operating system, and not the current lineup of iPhone 7s.
The bureau effectively used cybermercenaries, according to unnamed sources quoted by the Washington Post, to figure out how to break into the iPhone 5c used by terrorists in San Bernardino, Calif. It did not use the Israeli tech firm Cellebrite, as analysts had generally believed.
The Vault7 publication of CIA documents covers a period of time from 2013 to 2016. The latest iOS update, 10.2.1, was released on Jan. 23.
Some of the other companies whose products were mentioned in CIA documents also commented on the potential security threat to their devices.
WikiLeaks revealed a CIA project called “Weeping Angel,” which turns smart TVs into covert microphones. In regards hacking into the Samsung smart TV, specifically the F8000 model, the spy agency worked with the United Kingdom’s MI5/BTSS, to create a “fake off” mode that allowed secret recording of conversations in the room.
Samsung responded to the WikiLeaks dump by saying the company is “urgently looking into the matter.”
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” the company said, according to the BBC. “We are aware of the report in question and are urgently looking into the matter.”
Microsoft also said it is looking into the WikiLeaks report. Google has not yet commented.