WikiLeaks looks at helping tech vendors disarm CIA hacking tools

WikiLeaks tweeted out the possibility in a poll on Wednesday

WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.

That’s because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.

Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.

So far, the site hasn’t released the source code to any of the hacking tools. But on Wednesday, WikiLeaks raised the prospect that it might share the sensitive information with tech vendors as a way to quickly patch the vulnerabilities.

“Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?” the site tweeted out in a poll.

The day before, WikiLeaks said it was holding back from publicly sharing the source code, until a consensus emerges over how the hacking tools should be “analyzed, disarmed and published.”

The site wants to prevent CIA-made “cyberweapons” from proliferating, so working with tech vendors could be a way for WikiLeaks to essentially defuse them.

It’s also an offer that tech vendors probably can’t ignore.

“They might have to absolutely work with WikiLeaks,” said Jason Healey, a researcher at Columbia University who studies U.S. policy on vulnerability disclosure.

“How do you tell a shareholder or a user that there’s information on a hole out there, but you didn’t bother to speak with WikiLeaks about it?” he said.

The other danger is that malicious parties might know about the secret CIA hacking tools too.

WikiLeaks hasn’t identified the source behind the stolen documents. But it’s mentioned that former U.S. government hackers and contractors were circulating the confidential data, and that someone among them supplied a copied portion to WikiLeaks.

However, Healey pointed to WikiLeak’s suspected ties to Russian cyberspies as a major area of concern.

Assuming the stolen CIA hacking tools are real, Healey suggests that the U.S. government intervene and help vendors patch the vulnerabilities involved in this particular leak.

“Don’t let them (the tech vendors) go to WikiLeaks for the information,” he said. “Let them hear it from the U.S. and not maybe from the Russians.”

Other security experts said that while it's possible WikiLeaks could be holding on to other secret hacking tools, the document dumps so far haven't shown anything alarming.

Will Strafach, CEO of Sudo Security Group, said that WikiLeaks has actually been exaggerating the capabilities of the leaked CIA hacking tools.

For instance, the CIA-developed iOS exploits in the documents show that the hacking tools appear to be largely out-of-date and no longer work on iOS 10 or higher, he said.

“The products are already patched,” he said. “They (WikiLeaks) are definitely trying to mislead people here.”

On Wednesday, Google also said it reviewed the stolen documents and is confident that its Android OS can “already shield users from many of these alleged vulnerabilities.”

However, tech vendors didn’t immediately comment on whether they are reaching out to WikiLeaks.

The controversial disclosures apparently won’t win the site any fans from the CIA.

“Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the agency said in a statement.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags wikileaks

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?