Skip to content

March 18, 2017

WikiLeaks won’t share CIA exploits unless companies meet terms

by John_A

WikiLeaks offered to work with tech companies to patch the CIA’s leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks “made demands” of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They’re worried that Russia might have been responsible for forwarding the info.

WikiLeaks has confirmed the core of the story, but has a decidedly different take on the situation. While it acknowledges that most of the companies haven’t taken action, it claims that Google and others aren’t reacting to WikiLeaks’ “industry standard responsible disclosure plan” due to “conflicts of interest” from their work with the US government. Supposedly, they’re prevented from fixing these kinds of flaws due to their contracts.

More details on this situation are coming next week, WikiLeaks says. However, it’s already threatening to name and shame companies by comparing their responsiveness with their “government entanglements.” It points out that Mozilla and some European firms have been quicker to respond and have received some exploit data.

While it’s difficult to know who’s right, some caution is definitely necessary. WikiLeaks has a habit of playing up leaks, such as implying that the CIA could crack encrypted chat apps (it can only crack the devices used by those apps). Although leaks have suggested that companies might cooperate with US agencies, the truth in this case could be decidedly less exciting. Even a company fully opposed to backdoor surveillance may not want to patch flaws unless it’s absolutely sure that it’s legal to do so.

Source: Motherboard, WikiLeaks (Twitter)

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: