WikiLeaks strikes again, Releases CIA Internet PlayBook, or maybe it's just the Russians... You mad, bro?

in #news, 7 years ago (edited)

It's been more difficult than ever to secure all of the different attack vectors available to hackers these days. It's also why I've been extra suspicious of modern "smart" tech, so much so that I'm still happy enough sporting around little more than an old iPod 4 and my trusty ol' LG Chocolate cell phone. Potential theft without recourse (except for a highly visible, yet not so helpful blockchain trail) is also why I remain especially cautious of cryptocurrency. In a way, you're exchanging one set of issues for another, with potential potholes that many haven't even yet contemplated let alone considered (the devil you know, so to speak).

Most people have no idea how potentially easy it is for hackers (let alone an Orwellian-style government) to take control of "smart" phones, TVs, cars, and other devices. And to make things worse, people often tend to take security for granted and expect that the security promised always works as expected. I mean, how many kids are all that worried about their Snapchat shares? Perfectly safe and they're immediately erased, no?! If you want a taste of how far this can go (and sadly, it's really not that far-fetched at all), check out the 2016 movie I.T. with Pierce Brosnan...

But ironically enough, this WikiLeaks release of Vault 7: CIA Hacking Tools Revealed may finally help close down at least a few more of these notorious security "holes", for the time being at least...

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.

"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in-depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States.

Link: Vault 7: CIA Hacking Tools Revealed

Here are some of the "revelations" brought on by these documents, courtesy of a MILO blog post:

  • The CIA can masquerade its malware as belonging to a foreign intelligence agency.
  • The CIA stole hacking malware from the Russian Federation for their own use.
  • The CIA is hacking everyone, including US citizens.
  • Every microphone and webcam is remote controllable.
  • The CIA’s exploits have been leaked internally and can be used by unauthorized people to gain access to virtually anything.
  • CIA malware can infiltrate iPhones, Androids, Windows Phones, and even your smart TV.
  • The U.S. consulate in Frankfurt is a covert CIA hacker base.
  • The CIA created air gap jumping viruses that infect CDs, DVDs, flash drives, etc.
  • The CIA created malware that specifically evaded certain anti-virus programs.
  • The CIA can hack cars for “undetectable assassinations”.
  • CIA malware can infiltrate your macOS and Windows computers.
  • CIA malware infiltrates your smartphone to read messages on encrypted apps, before you send them.
  • CIA malware can infiltrate Linux and routers.
  • The CIA was supposed to reveal major vulnerabilities, but instead, hoarded them for their own use.
  • Notepad++, a popular text editor, has a DLL hijack.
  • The CIA steals saved passwords from Internet Explorer.
  • CIA can bypass Windows User Account Control.
  • CIA has Android malware that makes Android phones bulk-spy on WiFi networks around them.

In a bit of good news, it turns out that at least one of these backdoors has already been fixed. I use Notepad++, and think it's a terrific FOSS editor. And the DLL hijack described in the CIA files was apparently already corrected about a year ago, as described in the following GitHub issue report: Notepad++6.9.2 DLL Hijacking Vulnerability. The issue also seemed to be more with the installer rather than the program itself.

Finally, @ausbitbank also released an excellent post about the Vault 7 release that's worth checking out as well: Wikileaks Vault 7 / Year 0 release part 1

    wikileaks WikiLeaks tweeted @ 07 Mar 2017 - 20:23 UTC

    Crowd-sourced find in #Vault7 discovers CIA tool to make Android phones bulk-spy on WiFi networks around them… twitter.com/i/web/status/8…

    Disclaimer: I am just a bot trying to be helpful.
