So, how gadget paranoid do we need to be given last week’s Wikileaks dump about how the CIA is spying on us via our smartphones and TV sets?
Not so much, really.
A lot of the coverage about the Vault 7 data dump was breathless nonsense. You would think by reading the reporting on it that the CIA could peek into popular messaging apps like WhatsApp and the secure Signal chat software. You would think that your Samsung SmartTV was at risk of being turned on remotely so it could act as a hidden microphone for the agency.
If you were paranoid enough, you might even think that means the CIA could hack in-home devices like the Amazon Echo and Siri, or that Google Home could be used to spy as well. Not to mention the webcam on your laptop.
None of that is true. There is, actually, no evidence that the CIA has hacked a Samsung TV. And, what the documents show is that in order to do that, the agency would have to physically plug a USB thumb drive into the TV to potentially compromise it. So, the agency would have to target a specific TV for a specific purpose. Not that they have — they just want to.
The CIA cannot hack into WhatsApp and Signal. There is no evidence they can. They may be able to compromise a target’s phone, but that’s often because a target has installed malware or an agent gets physical access to a target’s device. And, most of the vulnerabilities the documents claim the CIA can use have already been plugged by smartphone makers. Plus, the tools mentioned are pretty old school and well known to the hacker community. There is nothing bleeding edge or secret to see here.
Devices in your home like the Echo sit in near-sleep mode listening for keywords like “Alexa” before they kick into high gear and reach out to the web to answer your question. If you think Amazon could alter those trigger words to include “bomb,” “sex” or “terrorist” then you are disappearing down a paranoid conspiracy rabbit hole there is no escape from.
In short, the concern that our gadgets are open windows into our private lives because of the CIA’s software tools is ridiculous.
The average gadget-using human isn’t at any significant risk for device invasion. Many of the exploits that could be used require that there is physical contact with your device. In other words, again, these are hands-on exploits aimed at specific users, not you.
No thanks to ill-informed stories about CIA hacks, people are becoming gadget paranoid. But, often that paranoia is demonstrated in what I call the Theatre of Privacy.
Look around your nearest coffee shop. You’ll often see folks with the webcam of their laptop covered with tape or a Band-Aid. But, right beside that laptop is a smartphone sporting a front- and back-facing camera, both of which are wide open to the world. Now, which device is more personal and more likely to be with you in even the most intimate of places? That’s Theatre of Privacy.
It does nothing for a few reasons. First, I couldn’t actually find an in-the-wild exploit that can take over a MacBook (which most folks with taped-over laptop webcams are using in my observation). And Windows machine exploits for other operating systems are rare or require that your specific device is physically compromised. Also, most laptops have their “on” light hard-wired to the camera so software can’t turn it off.
Second, someone would have to have those tools and a reason for compromising your device. Like the reality of child abduction, the most likely person to want to have access to your webcam is probably someone you know, not a random stranger. So, again, that person who is known to you would also have to have the tools to access your webcam and a reason to do that. And they risk being arrested if caught. For almost all of us, that reduces the threat to zero. The idea that some random creep is hacking your webcam is more sleepover urban myth than reality.
Third, some modern laptops like the latest MacBook Pros contain webcam and microphone controls within what’s called a secure enclave so no hacker could, say, turn on your webcam without the “on” light being lit. Even if it is being accessed, which is really, really unlikely.
And, if you’re blocking your laptop webcam but not your smartphone you actually don’t know what you’re doing. You’re just aping what you see. That’s especially true if you’re using that same smartphone to take selfies. Really, think about it. You are so concerned about somebody taking convert videos of you that you aim a camera right at yourself over and over, in change rooms, at the beach and in a bathroom mirror.
Should we have a reasonable concern about our privacy? Sure. Should we be paranoid about hacks and exploits that are as unlikely as your computer turning into a running shoe? No. Should we be more concerned about all this because of the Wikileaks Vault 7? No, again. We’ve got more important things to be worrying about than a SmartTV watching us. And besides, how interesting would it be to have terabytes of footage featuring slack-jawed viewers sitting in the blue-tinted dark watching Game of Thrones?
Really, if you’re truly concerned about privacy, a Band-Aid solution isn’t the answer.
Listen to an audio version of this column, read by the author.
Wayne MacPhail has been a print and online journalist for 25 years, and is a long-time writer for rabble.ca on technology and the Internet.
Photo: Vincent Brown/flickr