By Igor Magun
Last week’s leak of CIA documents has left some people understandably nervous about government hacking capabilities. But when it comes to digital security, we need to be cautious about when we freak out.
If we look at what was leaked, the exploits in question all require someone to be specifically targeted. In some cases, they require physical access to the target device. This makes them a lot less likely to affect you.
Mass surveillance or malicious ads on major websites targets people indiscriminately, but in order to be targeted by this sort of hacking technique, you must be interesting enough to be singled out for targeting in the first place. The techniques are not only difficult to deploy, but the more people they’re used on, the more likely they are to be discovered. Discovery would allow device manufacturers to fix the bugs these exploits take advantage of, making them useless.
A well-designed fingerprint reader can store your prints safely and keep you from entering your device password in public, but if you live with someone you don’t trust, it can be used to unlock your phone while you sleep.
This means many of us probably don’t have a lot to worry about from the methods presented in the leaks. If you’re a journalist dealing with sensitive sources, then yes, techniques like this could well be used to monitor you. But this discrepancy has been the case for some time, and will be for the foreseeable future. The effort required to target most people is not likely to be worth it to law enforcement agencies.
Freaking out about these techniques is counter-productive. For example, Signal and WhatsApp are still as safe as they were before, contrary to some stories. Hacking your phone will allow someone to read the messages, but this is a vulnerability of the device, not the apps, and has always been the case. Portraying them as broken will only harm those who need these tools most, and there have already been examples of people considering less-secure options in response.
The takeaway from all this is that security needs vary from person to person. Signal and WhatsApp still protect message contents from passive surveillance, but they never did anything for targeted hacking. A well-designed fingerprint reader can store your prints safely and keep you from entering your device password in public, but if you live with someone you don’t trust, it can be used to unlock your phone while you sleep. The threats you need to worry about depend on your lifestyle.
We need to be conscious of this and stop ourselves from jumping to conclusions about security. That way, we can avoid providing advice that harms the most vulnerable internet users.