WikiLeaks wants to share the hacking tools and vulnerabilities the CIA allegedly has been using to compromise phones and other devices with technology companies like Apple and Google, founder Julian Assange said during a live-streamed press conference Thursday.
The announcement came two days after WikiLeaks published close to 9,000 documents purportedly detailing CIA efforts to hack smart phones, smart TVs and other devices for covert surveillance operations. The CIA has yet to acknowledge the authenticity of these documents.
The initial document dump didn’t include any actual hacking tools, but merely described which devices and operating systems had been affected. Some of the affected tech companies have since chimed in to assure consumers that their products are safe. Google said Wednesday that its security updates “already shield users from many of these alleged vulnerabilities.” Apple used very similar wording in a release Tuesday, claiming that many of the issues were already resolved thanks to previous security patches.
Samsung told Variety Wednesday that it was “urgently looking into the matter.” A handful of the published documents had detailed attempts to turn some of the company’s older smart TVs into wiretapping devices, with plans to use integrated microphones to record conversations. A security expert with experience in smart TV hacking told Variety Tuesday that many of the technical details in those documents checked out, but that the efforts were best described as a work in progress.
WikiLeaks’ now-announced plan to share vulnerabilities with manufacturers before releasing them more widely actually follows a long-established practice in security circles. Dubbed responsible disclosure, the idea is to balance the public’s right to know about vulnerabilities in the products they own with the ability of manufacturers to fix those vulnerabilities before anyone abuses them.
The problem is that companies like Google often depend on partners, including phone carriers, to distribute patches to their products. This can leave older phones vulnerable to hacks even if more recent version of Google’s Android operating system have been patched.