WikiLeaks Won’t Tell Tech Companies How To Patch CIA Zero-Days Until Its Demands Are Met
WikiLeaks doesn’t like to make things easy, and now it seems Google, Microsoft, and Apple are learning that reality firsthand.
A partnership between the three tech companies and the non-profit organization has hit its first road block. WikiLeaks recently promised it would spill the technical details and code of the hacking tools the CIA used against Google, Apple, Microsoft, and other tech companies, and after much waiting, WikiLeaks finally made initial contact.
The discovery of zero-day exploits that could threaten security for millions of users makes the issue high priority, and so Assange agreed to partner up. “We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said in a statement on March 10. Though WikiLeaks made contact with the tech companies following the statement, no relevant data has been given to them. Instead, the organization sent over a contract with a set of conditions that must be met first and foremost. It is unknown exactly what these conditions are, but a source discussed a 90-day disclosure deadline that would force companies to pledge to issuing a patch within three months. Some of the companies believe their security updates offer the protection needed, but would likely still want to get reassurance anyway. “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” a Google spokesperson said. And Apple also alluded to the fact that the CIA methods likely no longer pose a threat, saying that “many of the issues leaked . . . were already patched in the latest iOS,” but explained it “will continue work to rapidly address any identified vulnerabilities.” It seems the CIA hasn’t made any effort to work with the tech companies regarding the exploits that it has “stockpiled.” And despite the CIA’s right to protect its secrets, it seems with the exploits out there now, they are just waiting for someone to use them for criminal purposes. WikiLeaks hasn’t published any code as of yet that people could use detrimentally. “WikiLeaks and the government hold all the cards here, there’s not much the tech companies can do on their own besides rabidly looking through their code to look for any issues that might be related,” a source told Motherboard.
The CIA declined to comment on whether or not it will inform the tech companies, but a spokesperson sent a statement saying the agency has “no comment on the authenticity of purported intelligence documents released by Wikileaks or on the status of any investigation into the source of the documents.” “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity,” the spokesperson remarked. “The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.” .
Read the full article at the original website
References:
- http://www.usatoday.com/story/news/world/2017/03/09/wikileaks-provide-tech-firms-access-cia-hacking-tools-assange/98946128/
- https://www.forbes.com/sites/thomasbrewster/2017/03/11/google-microsoft-waiting-on-wikileaks-cia-exploits/72a61a854c9
- https://www.pressreader.com/usa/los-angeles-times/20170310/281951722617750
- https://techcrunch.com/2017/03/08/google-is-the-latest-company-to-brush-off-most-of-the-wikileaks-vulnerabilities/
- https://techcrunch.com/2017/03/07/apple-says-most-vulnerabilities-in-wikileaks-docs-are-already-patched/
- https://motherboard.vice.com/en_us/article/wikileaks-wont-tell-tech-companies-how-to-patch-cia-zero-days-until-its-demands-are-met