Yesterday’s Wikileaks dump reiterated something we already knew: Our devices are fundamentally unsafe. No matter what kind of encryption we use, no matter which secure messaging apps we take care to run, no matter how careful we are to sign up for two-factor authentication, the CIA—and, we have to assume, other hackers—can infiltrate our operating systems, take control of our cameras and microphones, and bend our phones to their will. The same can be said of smart TVs, which could be made to surreptitiously record our living-room conversations, and internet-connected cars, which could potentially be commandeered and even crashed.
Previous security revelations told us that our data wasn’t safe. The Vault 7 leak reminded us that our machines aren’t secure—and, because those machines lived in our homes and on our bodies, they rendered our homes and bodies insecure as well. There is a word for these flaws and holes in code that leave us open to harm, and it’s the same word for the unease that accompanies them: vulnerability.
Take the iPhone—a single example among many, but an especially instructive one. Last year, while fighting the FBI’s request to access the iPhone of the San Bernadino shooter, Apple CEO Tim Cook presented his company as a bulwark against intruders. “Customers expect Apple and other technology companies to do everything in our power to protect their personal information,” he wrote. Now, like a child learning of his parents’ inability to prevent bad things from happening, we understand Cook’s promises to be unfulfillable. This morning Apple announced that it had already patched most of these holes, but we can never know if there aren’t others out there, unbeknownst to us or to the company.
Inside Vault 7
-
Lily Hay Newman
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets
-
Andy Greenberg
How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks)
-
Brian Barrett
Don’t Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps
-
Andy Greenberg
How the CIA’s Hacking Hoard Makes Everyone Less Secure
If we feel freshly vulnerable, we are not alone. The darlings of the tech industry—which for much of the past decade have convincingly presented themselves as swaggering inevitabilities—are showing signs of vulnerability as well. Google and Facebook, which pride themselves as algorithmically-pristine information-delivery systems, fell prey to fake-news mills and virulent troll armies. Uber’s scorched-earth approach to capitalism and human resources, which once made it a seemingly indomitable competitor, now threaten to sink its once-bulletproof CEO. The more powerful and inevitable something appears, the more startling and devastating its weaknesses are when they are exposed. Or, to borrow a phrase, the harder they come, the harder they fall.
That’s useful to remember when you consider the transformation we are currently undergoing, one in which more and more of our devices become connected to the internet. Whether you call it the “Internet of Things” or the “Internet of Everything” or the “Third Wave” or the “Programmable World,” the long-predicted moment when connectivity becomes as ubiquitous as electricity is nearly upon us. The benefits will be staggering—a world that will know us and adjust to our needs and desires, a universe of data that will impart new wisdom. But so will the vulnerabilities, the opportunities for our worlds to be penetrated, manipulated, and even destroyed by malevolent intruders.
This exposes yet another vulnerability for the tech industry—a meta-vulnerability, really. That vision depends on trust. It requires us to put our faith in our self-driving cars and Alexa-enabled virtual assistants and thermostats and, yes, smart televisions. Every time we learn of a new zero-day exploit, it renews fears of an entirely hackable world, where our machines can be enlisted against us. It reminds us that the future is a necessarily more vulnerable place.
The Vault 7 leak is not the tech industry’s fault, exactly, but we must ask at what point we stop placing our trust in devices, systems, and people that are inherently undeserving of it? Actually, never mind, we’re past it already. The most troubling aspect of the latest revelations is that there is no way to protect yourself beyond not buying a smartphone, or at least not having any meaningful conversations when you are in the same room with one. These vulnerabilities and cracks are not optional, but woven throughout the fabric of our social and commercial lives. They are coming from inside the house.