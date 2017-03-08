The CIA may be equipped with an arsenal of hacking tools that can give it access to your phone, computer and other devices, according to a report by CBS News.

(Disclosure: CNET is part of CBS Interactive, which is owned by CBS.)

What did WikiLeaks publish?

WikiLeaks, the organization notorious for leaking highly secure government data, published a cache of documents, dubbed "Year Zero," that reportedly expose tactics the CIA uses to hack into our devices. WikiLeaks released more than 8,700 documents and files on Tuesday that it claims were part of a CIA project codenamed "Vault 7." We haven't yet independently verified the information.

According to WikiLeaks, the CIA lost control of an archive that details the ways in which it hacks devices. The archive landed in the hands of "former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive."

What do I need to know?

Here's the TL;DR: If the info WikiLeaks exposed is accurate, the CIA may be equipped with a variety of tools that let it hack into your phone, smart TV, computer and router. That's basically all the things you own that are connected to the internet.

It turns out that the CIA's tools can be used to read encrypted messages sent on otherwise secure apps like WhatsApp, Signal and Telegram.

What kind of devices can the CIA hack?

If the report is true, the CIA can hack devices such as:

Android phones

iPhones

Smart TVs (the report specifically outs Samsung TVs)

Routers

Windows and Linux computers

Mac computers

Can the CIA really read all of my encrypted WhatsApp (and other app) messages?

WikiLeaks' data dump suggests that, yes, the CIA can bypass the encryption and view your private messages. But again, that's if the info is real. We don't know that yet.

But I thought WhatsApp, Signal and other apps encrypted my messages?

Those apps do employ encryption, but that's useless if the CIA can hack your phone. If you crack the operating system, you don't need to crack the app.

The OS shows what's on screen, listens to you typing or dictating words, and captures that unencrypted original data. If software -- like the alleged CIA hacking software -- can access the phone at that privileged level, it doesn't matter whether data is encrypted at rest (stored on disk/flash memory) or in flight (sent over a network).

One thing we're unsure of is which versions of Google's Android, Apple's iOS, Mac OS X and smart TV software and other operating systems, including from Microsoft, may have been hacked.

How did it hack these devices?

There isn't a single method the CIA uses to hack internet-connected devices. According to the report, the intelligence agency uses a combination of malware, viruses, trojans and zero-day exploits (security holes that a manufacturer isn't yet aware of, and so can't easily patch) to gain access to these devices.

Does this mean devices like my phone and smart TV aren't secure?

We're still not sure. We're actively reaching out to companies mentioned in the WikiLeaks documents and will update this story as the news develops.

Are these hacks still in use?

Maybe, maybe not. The documents that Wikileaks released today only cover the CIA's "Vault 7" program from 2013 to 2016, so it's not clear if they're still in use.

We're also not sure which versions of the Google Android, Apple iOS and Mac OS, and Samsung Smart TV operating systems were originally affected -- it's possible that some of these vulnerabilities were patched in subsequent updates.

For some hacks, it's not clear whether the CIA used them at all. For instance, the Wikileaks documents that describe the "Weeping Angel" hack for Samsung Smart TVs are a snapshot from 2014, when the CIA appears to have still been figuring out how to make it work reliably.

Is there anything I can do to secure my phone?

We're not sure. The information currently available indicates the devices the CIA reportedly hacks -- including phones, tablets, smart TVs and computers -- have vulnerabilities that the organization is able to exploit. If that's true, it would mean all affected companies would need to patch these vulnerabilities to secure the devices.

This is a developing story. Check back for updates.

Stephen Shankland, Patrick Holland and Sean Hollister contributed to this story.