Julian Assange, the founder of WikiLeaks, wants big players like Apple and Samsung to disarm the CIA’s exploits before he releases them to the world.
WikiLeaks wants to join forces with tech giants against the CIA.
The leak-focused site on Tuesday released thousands of alleged CIA documents, accusing the intelligence agency of amassing tools that can break into iPhones, Android devices, smart TVs and cars. WikiLeaks’ “Vault 7” release also indicated that the CIA hoarded vulnerabilities in iOS and Android and kept them secret so it could continue using them to gain access to devices. CNET is unable to verify whether the documents are real or have been altered.
On Thursday, WikiLeaks founder Julian Assange said that his organization will work with tech giants like Apple, Google and Samsung to plug those holes before it releases more details on the CIA’s hacking program.
“We have quite a lot of exploits … that we want to disarm before we think about publishing it,” Assange said at a press conference streamed on Periscope. “We’re going to work with some of these manufacturers to try and get these antidotes out there.”
His press conference was the latest turn in a drama that has potentially blown open how the CIA could use our own devices to spy on us. The documents show how the agency has allegedly been able to break into even encrypted devices such as phones and computers by taking control of their operating systems. Assange said he’s been keeping WikiLeaks’ findings under wraps while the CIA’s exploits can still be used because he doesn’t want them falling into the wrong hands. He said the CIA has already “lost control of its entire cyberweapons arsenal,” which he criticized for being poorly secured.
He said WikiLeaks has much more information on the CIA’s cyberweapons program that it’s waiting to reveal.
“This is an historic act of devastating incompetence,” Assange said, “to have created such an arsenal and stored it all in one place and not secured it.”
The CIA has not confirmed or denied the authenticity of WikiLeaks’ release but did say that it is the CIA’s job to “be innovative” and “cutting edge” with its technology. The intelligence agency said it will continue to spy on foreign countries to “protect America from terrorists, hostile nation states and other adversaries.”
The agency also sought to cast suspicion on the messenger.
“As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity,” CIA spokesman Jonathan Liu said Thursday in a statement.
Challenges for Android and others
For some of the smaller exploits, it will take companies two or three days to patch up the vulnerabilities, Assange said. For exploits on so-called internet of things devices like smart baby monitors or refrigerators, it could take much longer.
Samsung said it is “urgently looking” into the CIA’s alleged exploits after WikiLeaks named a program that could secretly turn its TVs into listening devices. Apple said it had already patched up most of the vunerabilities with its latest version of iOS. Microsoft said that it’s aware of the CIA’s alleged tools and that it’s “looking into it.”
Google said in a statement that it had already patched up most of the holes. However, the various makers of Android devices add their own custom software, which may still be vulnerable.
Android users will also have the most difficulty in getting fixes for some of the CIA’s exploits because the operating system is used by multiple manufacturers with different rollout schedules for updates.
“For some systems, like Android with many manufacturers, there is no automatic update to the system. That means that only people who are aware of it can fix it,” Assange said. “Android is significantly more insecure than iOS, but both of them have significant problems.”
WikiLeaks is still sorting through thousands of documents for future releases. The organization redacted more than 78,000 IP addresses, more than a quarter of which came from the US. The CIA said it does not spy on US citizens, but WikiLeaks is still investigating how many of the 22,000 IP addresses in the US are from the CIA’s hacking unit and how many are malware victims.
Assange said the CIA’s hacking programs cannot be properly regulated by its design.
“The technology is designed to be unaccountable. It’s designed to be untraceable,” he said.