Vault 7, which WikiLeaks finally opened, didn’t reveal good news. What it did reveal is the CIA’s wide hacking capacity. The agency uses our smart devices for espionage by bypassing the encryption layers of our favorite messaging applications, including the very popular WhatsApp.
The CIA developed techniques to get around the encryption layers that users all over the globe rely on for confidentiality when using WhatsApp, Signal, Weibo, Confide, Cloakman, and Telegram.
According to the information published by WikiLeaks, the CIA has many divisions working on ways to create malware with the main purpose of taking control of Android devices, iPhones, etc. One of these divisions is known to have used zero-day vulnerabilities found in the operating systems to build malware, and then used it to bypass any encryption layers, including the ones in the above-mentioned messaging applications.
Moreover, WikiLeaks’s analysis also explains that the CIA’s malware and hacking tools are developed by the Engineering Development Group (EDG). EDG is a software development group within the Center for Cyber Intelligence (CCI), which, in turn, is a department that belongs to the Directorate for Digital Innovation (DDI) within the CIA.
For any kind of malware (exploits, Trojans, backdoors, etc.) that the CIA created and put to use, EDG offered development, testing and operational support.
The Mobile Devices Branch, another CIA division, created many remote hacking attacks to take control of popular smart devices. These attacks inform the CIA about the users’ geographical location as well as their text and audio communications. The attacks could also secretly turn on the device’s microphone and camera, turning it into spying gear.
The CIA has two divisions working on different operating systems (iOS and Android) and trying to weaponize both types. The iOS branch has developed malware to infest, control and exfiltrate data from iPhones, iPads, etc. The branch working on Android OS uses “zero-day” vulnerabilities to do the same. These were either obtained from GCHQ, NSA or cyber arms contractors or developed inside the CIA.