WikiLeaks said it plans to take action against technology companies that “continue to drag their feet” in communicating over software and products that might be vulnerable to the CIA’s hacking program revealed in the “Vault 7” publication on March 7.
In a statement posted to Twitter late Friday, WikiLeaks founder and editor-in-chief Julian Assange said companies such as Mozilla have already exchanged letters after his organization offered its help in working with them by offering the technical details of the CIA’s alleged hacking methods.
Other companies, like Google, have yet to “confirm receipt of our initial approach,” Assange said. They may be unable to reach out because of conflicts of interest due to classified work with for the U.S. government, he noted.
According to Assange, WikiLeaks is poised to take action against those companies who haven’t been in contact.
“Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or Europeans companies that prioritize their users over government contracts,” Assange said. “Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves.”
Assange said WikiLeaks will have more to say on the issue next week.
WikiLeaks’ “update” may have come in response to a Motherboard report Friday that said WikiLeaks was making demands of companies it offered to help. The report said WikiLeaks requested these companies sign off on a series of conditions, which one unnamed sources suggested might include a disclosure deadline compelling the companies to commit to issuing a patch for their software in 90 days.
The CIA’s malware, trojans and weaponized viruses have the capability of bypassing encryption protection in a wide range of devices made in Europe and U.S., including Apple’s iPhone, Google’s Android and Microsoft’s Windows, as well as smart TVs, turning them into covert microphones.
Tech companies like Apple, Google and Samsung, whose products were mentioned in the CIA WikiLeaks documents, have already commented on the potential security threat to their devices, and some claim that the latest patches and security updates are sufficient to protect consumers’ devices.
Apple suggested that the solution to protecting devices from any hacks is to do what the company always stresses its customers to do: stay current with security updates.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” an Apple spokesman said in a statement. “We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
The spokesman noted that nearly 80 percent of Apple product users are running the latest version of their operating system.
The Vault7 publication of CIA documents covers a period of time from 2013 to 2016. The latest iOS update, 10.2.1, was released on Jan. 23.
Google put out a statement that was similar to Apple’s, touting confidence in its security updates for its Chrome web browser and Android phones.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” Heather Adkins, Google’s director of information security and privacy, said in a statement. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”
WikiLeaks revealed a CIA project called “Weeping Angel” that aims to turn smart TVs into covert microphones. The CIA tried to hack into the Samsung smart TV, specifically the F8000 model, by working with the United Kingdom’s MI5/BTSS to create a “fake off” mode that allowed secret recording of conversations in the room.
Samsung responded to the WikiLeaks dump by saying the company is “urgently looking into the matter.”
“Protecting consumers’ privacy and the security of our devices is a top priority at Samsung,” the company said, according to the BBC. “We are aware of the report in question and are urgently looking into the matter.”
Microsoft also said it is looking into the WikiLeaks report.
While the CIA wouldn’t say whether the WikiLeaks documents are real, and would not confirm reports that it is investigating any leaks, it warned that any time WikiLeaks publishes something that could hurt the CIA’s ability to do its job is a problem.
“The American public should be deeply troubled by any WikiLeaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries,” a CIA spokesperson said in a statement. “Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information that do us harm.”
According to a report from Reuters on Friday, U.S. prosecutors are expanding an ongoing grand-jury investigation into WikiLeaks to include the CIA document leak.
Assange said during a press conference that once the Vault 7 material is “effectively disarmed by us by removing critical components,” then WikiLeaks will publish the next wave of CIA documents it has in its possession.
Editor’s note: This article has been updated to include the report about an expanded WikiLeaks investigation by U.S. prosecutors.
