If you have an Android phone and this week’s revelations about the CIA’s hacking capabilities have you worried, you needn’t be. On Thursday, Google told members of the press that many of the exploits and vulnerabilities mentioned in the report have been patched in subsequent versions of Android.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” Heather Adkins, Google’s director of information security and privacy, told ZDNet. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”
Earlier this week, Wikileaks orchestrated a dump of more than 8,000 classified CIA files pertaining to agency’s cyber warfare efforts. Among the many documents were spreadsheets of stockpiled exploits for Microsoft’s Windows operating system, Apple’s MacOS, iOS, and Android. Vulnerabilities that weren’t purchased from contractors, discovered internally, or available publicly appear to have been circulated by GCHQ, the U.K.’s electronics surveillance agency, and the U.S. National Security Administration
Roughly 24 Android vulnerabilities referenced in the leak, along with specific phones like Google Nexus and Samsung models like the Galaxy S5 and the Note 3. Forbes points out that there are at least 10 remote code execution bugs, critical weaknesses that allow a hacker to run malicious code over the internet. EggsMayhem, an attack developed by the NSA and GCHQ, targets the Chrome browser. An exploit called Sulfur forces
But the situation is less dire than headlines suggest. Michael Shaulov, head of mobile security at Check Point, told Forbes that there didn’t seem to be evidence of exploits affecting versions after Android 4.4 or the latest version of
Separately, an analysis by Android development forum XDA Developers found that many of the security holes mentioned in the report relate to older
Android exploits aren’t the only tools at the CIA’s disposal, of course. The agency has reportedly broken the security of popular chat apps like WhatsApp, Signal, Telegram, Weibo, and others by intercepting messages and photos before they could be encrypted. And the scope of the hack extends far beyond smartphones. The documents made reference to smart TVs and connected cars, many of which remain unpatched.
Apparently, however, Apple devices aren’t at risk. This week, Apple told members of the press that the latest version of iOS contained fixes for the vulnerabilities mentioned in the leak.
- Update Chrome now to avoid this major zero-day exploit
- Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs