WikiLeaks looks at helping tech vendors disarm CIA hacking tools

WikiLeaks tweeted out the possibility in a poll on Wednesday

WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.

That’s because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.

Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.

So far, the site hasn’t released the source code to any of the hacking tools. But on Wednesday, WikiLeaks raised the prospect that it might share the sensitive information with tech vendors as a way to quickly patch the vulnerabilities.

“Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?” the site tweeted out in a poll.

The day before, WikiLeaks said it was holding back from publicly sharing the source code, until a consensus emerges over how the hacking tools should be “analyzed, disarmed and published.”

The site wants to prevent CIA-made “cyberweapons” from proliferating, so working with tech vendors could be a way for WikiLeaks to essentially defuse them.

It’s also an offer that tech vendors probably can’t ignore.

“They might have to absolutely work with WikiLeaks,” said Jason Healey, a researcher at Columbia University who studies U.S. policy on vulnerability disclosure.

“How do you tell a shareholder or a user that there’s information on a hole out there, but you didn’t bother to speak with WikiLeaks about it?” he said.

The other danger is that malicious parties might know about the secret CIA hacking tools too.

WikiLeaks hasn’t identified the source behind the stolen documents. But it’s mentioned that former U.S. government hackers and contractors were circulating the confidential data, and that someone among them supplied a copied portion to WikiLeaks.

However, Healey pointed to WikiLeak’s suspected ties to Russian cyberspies as a major area of concern.

Assuming the stolen CIA hacking tools are real, Healey suggests that the U.S. government intervene and help vendors patch the vulnerabilities involved in this particular leak.

“Don’t let them (the tech vendors) go to WikiLeaks for the information,” he said. “Let them hear it from the U.S. and not maybe from the Russians.”

Other security experts said that while it's possible WikiLeaks could be holding on to other secret hacking tools, the document dumps so far haven't shown anything alarming.

Will Strafach, CEO of Sudo Security Group, said that WikiLeaks has actually been exaggerating the capabilities of the leaked CIA hacking tools.

For instance, the CIA-developed iOS exploits in the documents show that the hacking tools appear to be largely out-of-date and no longer work on iOS 10 or higher, he said.

“The products are already patched,” he said. “They (WikiLeaks) are definitely trying to mislead people here.”

On Wednesday, Google also said it reviewed the stolen documents and is confident that its Android OS can “already shield users from many of these alleged vulnerabilities.”

However, tech vendors didn’t immediately comment on whether they are reaching out to WikiLeaks.

The controversial disclosures apparently won’t win the site any fans from the CIA.

“Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the agency said in a statement.

Join the PC World newsletter!

Error: Please check your email address.

Tags wikileaks

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?