Wikileaks CIA documents raise hacking fears should we worry about our devices? - Action News
Home WebMail Tuesday, November 26, 2024, 08:57 AM | Calgary | -16.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
BusinessAnalysis

Wikileaks CIA documents raise hacking fears should we worry about our devices?

Explosive allegations out of Wikileaks this week suggest that intelligence agencies are surreptiously spying on us using our many devices. While there's reason for concern, experts say a little common sense goes a long way when it comes to data security.

100 per cent certainty may be impossible, but consumers can take steps to protect themselves

Complete data security may be impossible, especially considering most companies can take up to six months to realize that they've been hacked. (REUTERS/Pawel Kopczynski )

Explosive allegations this week out of Wikileaks that U.S. intelligence agencies are surreptitiously spying on us usingour devices has prompted many consumers to worry if their data privacy is at risk.

In a data dump of more than 8,000 documents purportedly coming from inside the CIA, Wikileaks alleges that intelligence agencies havedeveloped malwarethat can turn iPhones, Android devices and Samsung smart TVs into covert listening devices.

Give the preponderance of internet-connected devices in our lives, many consumers are naturally concerned about what Big Brother might be listening to, and how confident they should be in their data security.

"I'm not confident at all," says Justin Oliver, who was in small phone-repair shop in Toronto this week. He was there for a quick fix of abroken screen on his Samsung smartphone, but he's nowhere near as confident in a permanent fix for his data security.

"I think people can gain access to information any way they choose ... to access an IP address or my phone would probably not be that difficult for someone who's advanced."

DanielTobok, the CEO ofCytelligenceand a cyber security expert, says there's no such thing as 100 per cent security, even before this week's events."The bad guys out there ... have access to a lot of crazy tools," he says.

Two hands shaded in greeny-dark hover over a laptop keyboard, with the screen above showing vertical rows of 1s and 0s.
Cybersecurity expert Daniel Tobok says 100 per cent data security may be impossible, but common sense can go a long way to ensuring privacy. (Kacper Pempel/Reuters)

The techniques alleged in the Wikileaksdocuments may represent a new front, but the reality is that widespread and blanket espionage just isn't feasible.

"I don't think the average Canadian needs to be concerned right off the bat," Tobok says, "but there's definitely a little bit of concern that everybody should have and just be a little bit more cautious."

Tobok and others say consumers' best defence against hacking should be very familiar to them: avoid doing sensitive things on public Wi-Fi, usedifferent secure passwords for accounts and devices, and changethem often.

But consumers should also give more thought to what sort of permissions they blindly hand over to apps they've downloaded to their smartphones, or smart devices in their own homes. Wireless routers, for example, are among the most insecure devices in most homes, yet they are point of contact for just about every other device transmitting sensitive information.

Consumers would do well to ask why an app downloaded on to theirsmartphone is demanding access to their email andmicrophone. Or why a smart television is tracking what people are watching.

"As long as you're up to date and you're aware, you'll eliminate 90 plus per cent of the threats out there,"Toboksays. "Common sense is really key here."

Part of the concern with Wikileaks allegations: if government agencies have access, who else might?As Wikileaks said in a release: "If the CIA can discover such vulnerabilities so can others."

Tobok says consumers take some comfort from the notion that governments are at least nominally obligated toobey protocols and comply withlawswhen seeking information on consumers devices.But rogue groups such as organized crime cartels have no such compunctions.

Justin Oliver was getting a cracked screen on his Samsung phone fixed in a local Toronto repair shop. But although he's not an expert, he knows there's no fool-proof fix for his data security. (Dean Gariepy/CBC)

"It becomes like the wild, wild, west if you have organized crime and other unfriendly states to Canada and the U.S., for example, that are using these tools against us," Tobok says.

While he agrees that consumers are far too lax about privacy issues, Ryersonprofessor Alex Ferworn says fears of widespread surveillance usinghacked devices are largely overblown.

'Little to worry about'

He cites the example of someone talking loudly on a cellphone on a crowded bus, sharing intimate information for all to hear "but somehow we're concerned that somebody's going to sneak into our phone at night."

Despite password-guessing tools that can crack a weak password in a matter of minutes, "the average Canadian probably has very little to worry about," he says.

Businesses, meanwhile, have more at stake. Cybersecuritybreaches affect theirbottom lines as they deal with angry customers.

"I'm not that worried about it, but in all fairness, if I was a corporation I might be a little more worried," says shopper Justin Oliver.

The cold, hardreality is that hacks can and will happen, which is why one company thinks the focus should benot on prevention, but detection.

"The hackers are getting smarter," says Niranjan Mayya, founder and CEO of Rank Software, a Torontobased technology company that helps businesses detect breaches because they can't really be fully prevented.

Mayya says statistics show that it can take a typical company up to six months to even figure out that systems have been infiltrated an ocean of time for a hacker to collect valuable data before the company closes the back door and changes the locks.

Unlike others, "we have accepted the fact that you are going to or have already been breached," he says.

That may be cold comfort to consumers, but the reality for most people is that the ability to guard against all but the most persistent hacking attempts is largely in their own hands.

As Ferworn puts it, we must"stoprelying on our cellular devices as much as we're doing if we wantto be private."