As you probably know, a trove of documents about classified CIA hacking tools code-named “Vault 7” was recently published by WikiLeaks. It’s likely those tools are already falling into the hands of criminals, foreign governments, and others, although WikiLeaks hasn’t decided whether to publicly release them into the wild yet.
There are things you can do to protect yourself – more about that in a moment. But first, a plea to the US government:
Declassify the leaked CIA materials!
WikiLeaks offered to share everything they have with tech companies such as Apple, Google, and Microsoft so they can fix vulnerabilities the CIA hackers exploited. But since the material is still classified secret, tech companies face a legal dilemma. Working with secret documents without proper clearance is illegal, as press secretary Sean Spicer reminded us recently. Security researchers face a similar dilemma. Those with security clearance risk losing it if they discuss contents of classified material.
It’s silly to maintain secret classification of material that is now in the public domain. The federal government should immediately declassify the files WikiLeaks published so tech companies, security researchers, and others can work with them. Additionally, “read in” key trustworthy people to legally access material not yet published by WikiLeaks. Otherwise Julian Assange may feel forced to leak even more CIA material simply to deliver it to the tech community.
Okay, as promised, here are fifteen simple things you can do to protect yourself:
Run most current iOS on all your iPhone & iPad devices, and apply next update immediately
Apply the next Android update immediately
Set PCs to automatically download and apply Windows updates from Microsoft
Set Macs to automatically download and apply OS/X updates from Apple
Don’t let Internet Explorer web browser remember passwords for you
Consider changing your anti-virus program if you use AVG, Avira, Comodo, or F-Secure
Consider replacing your network router if it’s made by MicroTik or RouterBoard
Avoid Huawei brand modems, especially HG-510 and MT660a models
Avoid Rikomagic model MK802 mini PCs
Do not use VLC Player media player software
Don’t discuss confidential matters on “encrypted” mobile messaging apps WhatsApp, Signal, Telegram, Wiebo, Confide, or Cloakman
Cover webcam lens on laptops and PCs when not in use
Don’t discuss confidential matters within range of an Amazon Echo or Google Home device
Don’t discuss confidential matters on a Siemens Openstage model land line telephone
Update your TV firmware if you have a Samsung model UNES7550F, UNES8000F, or UNF7000/UNF7500/UNF8000 series unit; or a E8000GF/F8500 plasma set
UPDATE 6/19/2018: A former CIA employee was charged with stealing the Vault 7 files and giving them to WikiLeaks.
Michael McCormick is an information security consultant, researcher, and founder of Taproot Security.