We crack open Vault 7 & are a little let down by what’s inside, give you one more reason you should already be using ZFS & just when you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s your feedback, a huge roundup & so much more!

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Malware found preinstalled on 38 Android phones used by 2 companies

  • Malicious apps were surreptitiously added somewhere along the supply chain.

  • Check Point didn’t disclose the names of the companies that owned the infected phones. One of the affected parties was a “large telecommunications company” and the other was a “multinational technology company.”

  • It’s interesting how this came on out March 10 and the WikiLeaks notice about compromised cellphones came out a few days earlier. Coincidence?

“Vault 7” by WikiLeaks

  • A total of 8,761 documents have been published as part of ‘Year Zero’, the first in a series of leaks the whistleblower organization has dubbed ‘Vault 7.’ WikiLeaks said that ‘Year Zero’ revealed details of the CIA’s “global covert hacking program,” including “weaponized exploits” used against company products including “Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.”

  • Among the more notable disclosures which, if confirmed, “would rock the technology world”, the CIA had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

  • NOTE: From what I’ve read, this compromise involves first compromising the phone in question and as such is not an attack on the apps themselves.

  • Kreb’s coverage

  • Krebs says: “The documents for the most part don’t appear to include the computer code needed to exploit previously unknown flaws in these products, although WikiLeaks says those exploits may show up in a future dump. This collection is probably best thought of as an internal corporate wiki used by multiple CIA researchers who methodically found and documented weaknesses in a variety of popular commercial and consumer electronics.”

  • Krebs also says: “Some of the exploits discussed in these leaked CIA documents appear to reference full-on, remote access vulnerabilities. However, a great many of the documents I’ve looked at seem to refer to attack concepts or half-finished exploits that may be limited by very specific requirements — such as physical access to the targeted device.”

  • See also Espionage vs. Surveillance

  • Best advice: patch your shit, secure physical access, it is not as bad as WikiLeaks is making it out to be.


Round Up:

+Silent Data Corruption Is Real

Question? Comments? Contact us here!