
WikiLeaks leak claims CIA can get past phone encryption, hack into Smart TVs

This leak of more than 8,000 files has not been authenticated – though it appears legitimate.

WikiLeaks published a collection of more than 8,000 documents and files Tuesday that, if legitimate, show how the CIA can hack into phones, TVs, and other devices.

The group alleges some of the largest software and hardware companies are vulnerable – including the iPhone, Android devices, Microsoft Windows, and Samsung Smart TVs. The CIA's hackers, according to the documents, are able to access data from all of them – even if encryption services like WhatsApp or Signal are being used – with texts, audio messages, and more available.

The leak has been dubbed "Year Zero," with WikiLeaks claiming the documents come from the CIA in Langley, Virginia, and are from 2013-2016. The group obtained these after it says the CIA lost control of much of its hacking arsenal – millions of lines of code used to execute different cyber intrusions.

The arsenal has been shared (without authorization) by former government employees and contractors, with one giving a portion of the documents to WikiLeaks.

This is only a portion of what's revealed in the leak – expect more to come out in the coming hours and days as people comb through all the files. But here's a rundown of the big stuff right now, all according to WikiLeaks.

Are these legit?

This is the big question: Are these documents actually from the CIA?

The New York Times says their authenticity appeared "likely" after a review. And a source in the intelligence community told the Wall Street Journal some of the information "does pertain to tools that the CIA uses."

The CIA has publicly told outlets such as the Washington Post it doesn't comment on the authenticity of documents.

Phone hacking

According to the documents, the CIA has a special unit that "produces malware to infest, control and exfiltrate data" from devices that use iOS – so iPhones and iPads, for example.

There's another unit targeting Google's Android operating system.

The CIA's methods allow hackers to get audio and texts from the phone – even if someone is using supposed safety apps like WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman. The CIA is able to hack into the smartphone itself, and skim all that information before any encryption is applied to it.

Smart TVs

The CIA, in collaboration with British intelligence services, created a way to use Samsung Smart TV sets as a bug – able to listen in and record everything, even though it looks like it's not powered on, according to the documents.

Called "Weeping Angel," the malware puts the TVs into a 'fake-off' mode. So someone thinks it's off when it's actually on, recording what it hears and sending it via the internet to CIA servers.

Windows, OS X, Linux all targeted

The vulnerabilities extend to computer operating systems too.

WikiLeaks says the CIA uses multiple strategies to try to infect Microsoft Windows computers, including "local and remote weaponized 'zero days', air gap jumping viruses ... infectors for removable media such as USBs," and more.

The agency also has automated malware attacks for Mac OS X, Solaris, Linux, and more.

'Zero day' vulnerabilities

"Zero day" is a common term in the hacking world – a zero day vulnerability is a hole in software that opens it up to possible hacks, but that the developer doesn't know exists, WIRED explains. Since the person who made the software doesn't know about the vulnerability, anti-virus programs also don't know about it. And you can't fix a problem you don't know is there.

The term is a reference to how many days the software creator has known about the hole, WIRED says.

According to the WikiLeaks documents, the CIA collected zero days that could be used against the major manufacturers (Apple, Google, Microsoft, etc.) – and didn't tell those companies about them. So they would learn about security holes, track them, but not alert the people who could fix them.

Not divulging these zero days would seemingly go against a public Obama-era policy, which said it wouldn't be in national security interest to amass "a huge stockpile of undisclosed vulnerabilities while leaving the internet vulnerable and the American people unprotected."

Here's one example of a zero day vulnerability that wasn't disclosed, WikiLeaks says:

More docs are coming

As mentioned above, these documents have not been verified – though other reporting points to them being legitimate.

WikiLeaks meanwhile promises that this Year Zero release is just the first in a series.

You can search through all of the leaked documents here. (Note it includes very technical language.)
