Posted on 03/09/2017 11:26:42 AM PST by Ernest_at_the_Beach
Google has finally come out of the closet and is saying what Apple did about the latest CIA leaks – many of the flaws leaked are outdated and already patched. As the companies continue to review the documents, it is becoming clear that most of the reported vulnerabilities are outdated. However, none of the tech firms mentioned in the documents have yet said if “all” of the CIA exploits are patched.
Analysts believe that this could be because the tech firms lack access to the hacking code. Only the CIA and WikiLeaks can share further details with the tech industry to help it confirm if everything is fully patched or not. And apparently, none of them is ready to do that.
On Tuesday, WikiLeaks released over 8,700 documents labeled “confidential” and “secret,” revealing the intelligence agency’s covert hacking and spying capabilities. Among these documents were also the details of several exploits that the CIA uses to target Android, iOS, and other platforms.
Following Apple, Microsoft and Samsung’s statements, Google is also saying that Android users should be protected from most of these alleged hacking tools referenced in the WikiLeaks release.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities.”
Yesterday, Apple had said that its users are protected from “many” of these exploits revealed in the leaked documents, saying nothing about when exactly the rest of the flaws will be patched.
“Our analysis is ongoing and we will implement any further necessary protections,” Google added. “We’ve always made security a top priority and we continue to invest in our defenses.”
Considering the fact that the thousands of documents dumped by WikiLeaks will require tech companies some time to fully investigate, both the leading American tech companies stopped short of giving any timeline of expected patches or even providing details of how severe the remaining exploits could be.
Several independent security researchers have said that the threat to the latest Android versions appears to be minimal. However, unlike iPhones, Android users are mostly slower at getting latest security patches, possibly putting millions of them at risk to these exploits. WikiLeaks’ alleged CIA documents claim that the agency’s stockpile of exploits is used for a number of activities, including monitoring communications and tracking users.
As is customary for WikiLeaks, the organization focuses on releasing documents or the details of security vulnerabilities without first informing the relevant tech companies – which is a standard procedure followed in the security industry. However, WikiLeaks isn’t working to provide any help to the companies impacted by these CIA documents, further putting users at security risk.
A report by the WSJ published last night added that only the CIA and WikiLeaks have access to the exploit code, but neither of them is sharing this software with the tech companies who are responsible for patching these exploits.
“Companies now find themselves in a difficult position: They believe that at least two organizations have access to hacking code that exploits their products – the CIA and WikiLeaks – but neither one is sharing this software…”
With the lack of support from the CIA and WikiLeaks, it may take longer for Google, Apple and other involved tech companies to pick up the pieces and offer fixes to end users. WikiLeaks ran a poll asking its followers if it should work directly with the technology companies.
At the time of writing, 57% of 37,195 respondents had voted yes. It is unclear whether the organization has decided to share any code details with the relevant companies.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Julian Assange said in an online press conference this morning. “Once tech firms had patched their products, he said, he would release the full data of the hacking tools to the public,” AP reported.
CIA obviously doesn’t like its exploits being known – or patched. Following Assange’s statement, the agency’s spokesperson Heather Fritz Horniak said that despite these leaks, CIA continues to “aggressively” spy and hack its adversaries.
“As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity. Despite the efforts of Assange and his ilk, CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”
Both Apple and Google had previously said that most of the leaked flaws are outdated. However, WikiLeaks’ decision will hopefully help tech firms quickly patch any flaws that could have remained unresolved. Following the release of documents on Tuesday, the security industry has said WikiLeaks was obligated to work with technology companies to help them fix previously unknown software flaws.
In his press conference, Assange also added that the leaked surveillance and hacking technology is designed to be untraceable. While CIA in its earlier statement had claimed that the agency doesn’t and can’t spy on American citizens, it would be hard to know with its contractors using untraceable tools.
“There’s absolutely nothing to stop a random CIA officer” or a contractor from using the technology, Assange said. “The technology is designed to be unaccountable, untraceable; it’s designed to remove traces of its activity.”
AND Wikileaks is running a poll see the link to wddftech story
*********************************
WikiLeaks ✔ @wikileaks
fyi
We gave your neighbor who is a serial killer a key to your backdoor. But it’s okay because we have changed your locks since then. Trust us. No really, it’s okay. Trust us.
Basically a CIA Obama stooge leaked to foreign powers hacking tools and wikileak only happened by to get their hands on it and warn people!
Then the CIA claims Assange is a liar and that the CIA is there to defend America... which is BS because we know the CIA has already looked inside the United States to check whether “Russians” hacked elections.
Also, why is the FBI so hard nosed about investigating now those leaks but Comey did nothing when Trump wanted to investigate leakers ? What about Obama, he biggest leaker
of them all to deep so iet state China and Russia?
Losers
BIT...many of these techniques of malware did not originate with the CIA...heard that somewhere.
Comforting to know....
Word is kicking around out there that the CIA got their hands on some tools, modified them to make sure they didn't point back to the CIA and then used them on the CIA's adversaries, Domestic and Foreign. But then, you already knew that...
WikiLeaks is not done hacking people for more postable goodies yet.
Google Says “Many” Leaked Android Flaws Are Outdated
Thanks, Ernest at the Beach.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
