WikiLeaks’ latest release focuses on malware called HighRise, which the CIA used to target Android devices.
WikiLeaks describes HighRise on its website as an Android application that can redirect or intercept text messages sent to a target’s phone, allowing a CIA agent to access them before they land in the inbox of the person they were intended for. It was designed for mobile devices running Android 4.0 to 4.3.
WikiLeaks’ last dump, from a project dubbed “Cherry Blossom”, described a technology that “provides a means of monitoring the internet activity of and performing software exploits on targets of interest. In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals”.
At the same time, there is circumstantial but strong evidence that the recent WannaCry and Petya outbreaks were carried out either directly by state actors or by third-party hackers sponsored by a state. This evidence is based on reports indicating that Ukraine owns around one-third of the systems directly affected by the Petya ransomware attack, although the attack touched close to 60 or more nations. The NSA tools were dumped by the Shadow Brokers hacking group.
These new realities reinforce users’ most profound concerns:
There is a plethora of attack tools available from state-sponsored initiatives.
The cyber attacker population is a mixture of criminals and state cybersecurity experts.
Attack technologies and tools circulate among cyber attackers without any control.
Attacks aimed at crippling entities target everything from organizations to countries and can easily expand to individuals.
What does it all mean to mobile device users?
The connected world is changing and the use of mobile devices should change with it.
A simple parallel can be seen in aviation security. Acts of terrorism and threats to life and property have totally altered the techniques and methods used to protect passengers, staff, and planes. Travelers naturally accept harsh security measures despite their clear inconvenience. The same goes for mobile use.
Mobile use as we know it must change forever in the quest to keep it secure and private. This is valid for both organizations and individuals. The sooner users realize this and act on new security directives, the sooner they will be better protected and eliminate cyber-attack risks.