This week has seen the latest revelations from Wikileaks exposing sensitive US and UK government hacking secrets – but should we be worried, and do we need to change our approach to communications as a result?

What has been released?

On Tuesday 7 March Wikileaks released a statement as they begin a new series of leaks which have been dubbed ‘Vault 7’. These leaks expose many of the most sensitive parts of the US and UK cyber-attack arsenal, with a particular focus on mobile devices and internet connected equipment which would form part of the ‘internet of things’.

By far the most significant aspect of this first release is the description of the ways that Intelligence Agencies hack into smart phones using iOS and Android operating systems.

Is this unexpected?

Quite frankly, no. The fact that government agencies have successfully targeted mobile devices for a number of years is not a surprise. The issues of terrorists using encrypted communications to organise attacks has been widely publicised and the subject of several high profile clashes.

As is now apparent, Governments on both sides of the Atlantic have been investing heavily on this capability. Indeed, whilst some of it may be developed in house, some may be purchased from private companies who employ teams of hackers to develop exactly these tools or ‘exploits’.

What can the tools do?

A range of things. Generally the aim of the tools are to silently watch everything that happens on the mobile device. So emails, texts, IM chat and GPS locations. The hack of a smartphone may be in several stages, with one designed to ‘open a backdoor’ to enable further exploitation by other techniques. Basically, if you are successfully targeted in the correct way then everything you do on your mobile device could be read by those at the other end of the line – even messaging chat that may be encrypted.

So should we be worried?

Whilst this leak points to the active targeting of mobile devices, as ever the devil is in the detail. iOS remains the most secure mobile operating platform, and looking at the leaks so far the highest iteration that can be successfully attacked is iOS 9. Currently the latest iOS software is 10.2.1 – which means that if you update your iPhone or iPad to the latest software then you should be safe from exploitation. Expect Apple to release another update soon following this leak.

For users of Google’s Android operating system the news is not so good. Whilst Android has improved its security, it is still not on a par with Apple and the data leaks do not seem to indicate which iteration of Android can be exploited; there is no doubt that as a system it is inherently more vulnerable.

Whilst Android has improved its security, it is still not on a par with Apple and the data leaks do not seem to indicate which iteration of Android can be exploited

With Android accounting for a huge part of the worlds mobile market, targeting of Android will continue with vigour – not just by governments but also by private hackers. For users of Android an anti-virus solution is a must.

But the good news is that those targeted by governments using these techniques are only those who are in the top tier of national security threats. In other words unless you are planning to launch a terrorist attack or are looking to steal state secrets you will be safe. Whilst, in theory, the techniques could be deployed against ordinary members of the public the reality is that not only are strict legal parameters in place overseeing who can be targeting, but also huge considerations around processing the vast amount of data each handset generates on a daily basis.

The main risk is if, as in the case of the ‘hacking club’ breach, the tools become public – if this happens then there will be a scramble amongst the hacking community to use these tools as quickly as possible.