Just as with the famous Snowden leaks a couple of years ago, it should come as no surprise that intelligence agencies engage in spying activities. What is remarkable, though, is the scale and extent of their activities. This is also the case for the Vault7 documents. Those are not only about collecting security flaws in desktop PCs or servers. According to the documents, the agency has all internet-enabled devices in its sights. Android and iOS devices, routers and smart TVs are just as viable a target as embedded devices and IoT hardware. The CIA’s tool chest even includes tools for hacking industrial SCADA hardware as well as automotive systems. At the same time, extensive measure exist to conceal the CIA’s tools and their data exfiltration techniques. “You might get the impression that basically every piece of technology with some relevance in the market is being carefully evaluated for possible use in cyber espionage and cyber warfare”, says Eddy Willems, G DATA Security Evangelist.