A new leak from WikiLeaks exposes the CIA's use of tools and techniques to spy on citizens.
This article is about the Year 0 release (March 2017).
You can access it here: https://wikileaks.org/ciav7p1/
Please note that all source code was removed from the release to avoid massive tool proliferation.
WikiLeaks speaks about the CIA losing control over the “majority of its hacking arsenal”. I hope for them that it is not the case (or at least not in what was disclosed here), because most of the exploits are already patched (some of them for many years).
Let’s take a deeper look at what is inside this release, with links to what interested me (work still in progress; the volume is huge).
Android 4.4.4 max, but does that mean you are safe with a newer version? Nope, I’m sure they have newer tools that have not leaked yet.
All android details: https://wikileaks.org/ciav7p1/cms/space_11763721.html
Samsung smart TVs were targeted by an attack called “Weeping angels”, co-developed with the British MI5.
It requires physical access to the device and creates a new mode: “TV seems in standby but the microphone is recording and sending all data to a CIA server”.
Simple DLL injection: https://wikileaks.org/ciav7p1/cms/page_2621760.html It shows that Windows UAC might be of some use despite its annoying popup 🙂
Other DLL injection: https://wikileaks.org/ciav7p1/cms/page_3375332.html PSP (antivirus) might detect it.
Skip Windows 8 activation: https://wikileaks.org/ciav7p1/cms/page_3375301.html
List of shellcode exploits they have in stock: https://wikileaks.org/ciav7p1/cms/page_11628669.html
Most of the exploit code is now available on websites such as: https://www.exploit-db.com
Apple AirPort and Time Capsule: https://wikileaks.org/ciav7p1/cms/page_14588150.html
The CIA even has its own Visual Studio wizard, the EDG project wizard: https://wikileaks.org/ciav7p1/cms/page_11629039.html
They were interested in lots of other topics; you can browse and read freely.
Hacking Team leak: https://wikileaks.org/ciav7p1/cms/page_22642800.html