Wikileaks, the highly controversial secret-publishing organization, has recently published the first part of a collection of documents, which it refers to as “Vault 7,” containing explicit details about the various exploits the C.I.A. has discovered for hacking computers. The collection contains a staggering 8,761 documents, most of which have not yet been fully explored and analyzed by journalists and computer security experts outside of the CIA. Among the details revealed by the leak are the presence of malware designed to affect users of Windows, Linux, and OSx; the agency’s hoarding of “zero-day” exploits, which are exploits that, after being discovered, are kept secret until they are deployed as a hacking tool, in deference to an Obama administration executive; and information on how to bypass anti-virus programs and hide traces of the origins of malware programs.
While it comes as no surprise that the C.I.A. thoroughly investigates means of hacking without leaving a trace, the revelation of specific details of the nature of these hacks has led to chaos and uproar in the intelligence community and among journalists and computer security advocates. According to the New York Times, after the release of the documents, the C.I.A. temporarily halted work on many of its projects, and the F.B.I. is currently investigating the leak, which is believed to have been perpetrated not by a foreign body, but by a C.I.A. insider. And although Wikileaks’ press release claimed that the exploits discovered by the C.I.A. are highly novel and sophisticated, computer security experts in the private sector who have gone over the leaks claim that much of the information used by the C.I.A. is already well-known within the industry.
One of the more unexpected revelations of the leak concerns the C.I.A.’s investigations into hacking computer-connected vehicles, such as newer cars and the self-driving cars of the near future, according to one document. This reveal is of particular concern to owners of cars that feature deeply-integrated information, entertainment, and navigation systems, especially those with computer systems that have the capacity to override driver input. Features like adaptive cruise control, automatic parallel parking, and lane departure prevention rely upon computer systems to come between the driver and the vehicle’s movement, opening up the potential for exploits.
This observation was proven to have real-life potential consequences in 2015, when security experts Charlie Miller and Chris Valasek worked with Wired Magazine to expose a method whereby hackers could remotely stop a Jeep Cherokee without the driver’s consent, as well as control the car’s entertainment system, climate control system, and windshield wipers. But the potential for hacking vehicles extends beyond simply disabling cars on the highway; according to the Wikileaks press release, the C.I.A., or other organizations, could potentially use hacks of vehicles for remote assassinations, which could be framed as car accidents. Additionally, the presence of GPS receivers on many modern vehicles can be exploited in service of silent positional tracking, and microphones contained in a vehicle’s communication system can be hacked to allow intelligence agencies to pick up on private conversations.
As manufacturers continue to further the extent to which computer-controlled systems interact with vehicles, the threat of vehicle hacking becomes increasingly worrisome. Self-driving cars, due to their convenience and their capacity to cut down on labor costs, threaten to replace manually-driven vehicles almost entirely. The potential costs of hacking these vehicles is even greater than those of today’s vehicles, as a hacker of a self-driving car could, in theory, direct the car to drive to any arbitrarily-determined location, trapping the car’s inhabitants for the duration of the trip. And, as future self-driving cars make work in tandem with other cars to maximize the efficiency of traffic flow, hacking these systems could allow attackers to control multiple vehicles at once, using them as impromptu roadblocks, stopping the flow of traffic between various locations entirely.
As such, moving forward, vehicle manufacturers will have to be ever-vigilant about the potential vulnerabilities created by the integration of computers into the driving experience. There exists a perpetual struggle between manufacturers of computers and hackers, including government officials, who wish to intercept them; as the presence of technology in our daily lives augments with time, this struggle will continue to become increasingly apparent in our everyday lives into the future.
Featured image via Wikimedia