Just days after WikiLeaks published thousands of pages worth of details on the CIA’s hacking toolkit, Julian Assange is planning to release those tools to tech companies. The WikiLeaks report describes many tools and vulnerabilities that the CIA has used including exploits for iPhone, Android, Windows, and Samsung TVs to name a few. The leak featured code snippets and high level descriptions of the attacks but didn’t include the full programs or computer code.
Assange is planning on sharing these key details exclusively with the companies whose products are vulnerable, so they can work together in defeating the CIA’s hacking arsenal. In a live streamed press conference, Assange stated that “considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure.”
Major security revelations like this one are a difficult subject and put the government in a tricky position with private companies. Should the government hold on to the exploits so they can be used against cyber enemies like Russia, China, and North Korea? Should they release them to tech companies so the flaws can be patched? Julian Assange isn’t seen as the most trustworthy person by the US government, so relying on him for critical information like this is unnerving to officials and lawmakers.
Microsoft and Cisco are welcoming the submissions through their standard vulnerability reporting channels, but have not been contacted yet by Assange. Google, Apple, and Samsung on the other hand did not respond to requests for comment by Reuters.
Assange has maintained that he has a lot more information than what’s been already released and is planning on sharing it soon. Most industry analysts believe the leaks came from contractors that worked with the CIA which has many US intelligence officials as well as President Trump worried. The CIA knew of the breaches late last year and Trump “believes that the systems at the CIA are outdated and need to be updated.”
Whatever happens, patching security vulnerabilities in widely used systems is always a good thing. Manufacturers will take these kind of submissions no matter what, even if they come from unorthodox sources.