Wikileaks CIA documents raise hacking fears should we worry about our devices?

Explosive allegations this week out of Wikileaks that U.S. intelligence agencies are surreptitiously spying on us usingour devices has prompted many consumers to worry if their data privacy is at risk.

In a data dump of more than 8,000 documents purportedly coming from inside the CIA, Wikileaks alleges that intelligence agencies havedeveloped malwarethat can turn iPhones, Android devices and Samsung smart TVs into covert listening devices.

Give the preponderance of internet-connected devices in our lives, many consumers are naturally concerned about what Big Brother might be listening to, and how confident they should be in their data security.

• Wikileaks to share hacking evidence with technology companies

"I'm not confident at all," says Justin Oliver, who was in small phone-repair shop in Toronto this week. He was there for a quick fix of abroken screen on his Samsung smartphone, but he's nowhere near as confident in a permanent fix for his data security.

"I think people can gain access to information any way they choose ... to access an IP address or my phone would probably not be that difficult for someone who's advanced."

DanielTobok, the CEO ofCytelligenceand a cyber security expert, says there's no such thing as 100 per cent security, even before this week's events."The bad guys out there ... have access to a lot of crazy tools," he says.

The techniques alleged in the Wikileaksdocuments may represent a new front, but the reality is that widespread and blanket espionage just isn't feasible.

"I don't think the average Canadian needs to be concerned right off the bat," Tobok says, "but there's definitely a little bit of concern that everybody should have and just be a little bit more cautious."

Tobok and others say consumers' best defence against hacking should be very familiar to them: avoid doing sensitive things on public Wi-Fi, usedifferent secure passwords for accounts and devices, and changethem often.

• Protecting your privacy: here's how to manage what you reveal

But consumers should also give more thought to what sort of permissions they blindly hand over to apps they've downloaded to their smartphones, or smart devices in their own homes. Wireless routers, for example, are among the most insecure devices in most homes, yet they are point of contact for just about every other device transmitting sensitive information.

Consumers would do well to ask why an app downloaded on to theirsmartphone is demanding access to their email andmicrophone. Or why a smart television is tracking what people are watching.

• It's not just your TV that can track your habits without your consent

"As long as you're up to date and you're aware, you'll eliminate 90 plus per cent of the threats out there,"Toboksays. "Common sense is really key here."

Part of the concern with Wikileaks allegations: if government agencies have access, who else might?As Wikileaks said in a release: "If the CIA can discover such vulnerabilities so can others."

Tobok says consumers take some comfort from the notion that governments are at least nominally obligated toobey protocols and comply withlawswhen seeking information on consumers devices.But rogue groups such as organized crime cartels have no such compunctions.

"It becomes like the wild, wild, west if you have organized crime and other unfriendly states to Canada and the U.S., for example, that are using these tools against us," Tobok says.

While he agrees that consumers are far too lax about privacy issues, Ryersonprofessor Alex Ferworn says fears of widespread surveillance usinghacked devices are largely overblown.

'Little to worry about'

He cites the example of someone talking loudly on a cellphone on a crowded bus, sharing intimate information for all to hear "but somehow we're concerned that somebody's going to sneak into our phone at night."

Despite password-guessing tools that can crack a weak password in a matter of minutes, "the average Canadian probably has very little to worry about," he says.

Businesses, meanwhile, have more at stake. Cybersecuritybreaches affect theirbottom lines as they deal with angry customers.

"I'm not that worried about it, but in all fairness, if I was a corporation I might be a little more worried," says shopper Justin Oliver.

The cold, hardreality is that hacks can and will happen, which is why one company thinks the focus should benot on prevention, but detection.

• Hackers used 'internet of things' devices in massive web outage

"The hackers are getting smarter," says Niranjan Mayya, founder and CEO of Rank Software, a Torontobased technology company that helps businesses detect breaches because they can't really be fully prevented.

Mayya says statistics show that it can take a typical company up to six months to even figure out that systems have been infiltrated an ocean of time for a hacker to collect valuable data before the company closes the back door and changes the locks.

Unlike others, "we have accepted the fact that you are going to or have already been breached," he says.

That may be cold comfort to consumers, but the reality for most people is that the ability to guard against all but the most persistent hacking attempts is largely in their own hands.

As Ferworn puts it, we must"stoprelying on our cellular devices as much as we're doing if we wantto be private."