It has been a couple of weeks since Wikileaks first dropped its Vault 7 leak, revealing plenty about the CIA’s hacking and spying methods. Since then, tech companies have been scrambling to find the security holes so they can put out patches and it seems that Wikileaks is going to help them in their efforts providing exclusive access to the exploits used. However, the catch is that all exploits need to be fixed within 90 days.
Wikileaks is going to give tech firms access to the CIA’s exploits before making them public. However, a commitment to fix exploits within 90 days will be required in order to gain access. Otherwise, Wikileaks will release the exploits to the world, which would in turn cause huge security issues for the companies involved.
After finally getting in touch with the likes of Apple, Microsoft and Google, Julian Assange promised access to the CIA’s trove of exploits so that the companies involved can improve security before these exploits are made public.
Similarly to Google’s Project Zero, Assange is asking that the companies involved adhere to a 90 day deadline. However, it is unknown at this point whether these companies will be able to agree to work with Wikileaks as the company is in possession of stolen documents. If Apple, Google and Microsoft receive access to these documents, then it could put them in a sticky situation legally.
Either way, it is currently believed that Wikileaks has hundreds of thousands of documents in its possession that it has yet to make public. Vault 7 was just the first of several CIA document dumps so there will be more news to come out of this.
KitGuru Says: If Wikileaks is planning on making the CIA’s iOS, Windows and Android exploits public anyway, then it seems that Microsoft, Apple and Google should try and get ahead of that by gaining access and issuing quick patches. However, the situation is likely causing some headaches for the lawyers involved.