![](\"https:\/\/tctechcrunch2011.files.wordpress.com\/2017\/03\/cia-headquarters.jpg?w=738\")
<\/p>\n<\/p>\n
Wikileaks dumped thousands of alleged CIA documents online yesterday that contained lists of vulnerabilities in popular tech products, sending companies scrambling to make sure their security patches were up-to-date. But as companies reviewed the documents, it became clear that most of the vulnerabilities they contained were outdated.<\/p>\n
Apple first dismissed the majority of the listed iPhone vulnerabilities<\/a> in a statement last night, and now Google and other firms are following suit.<\/p>\n \u201cAs we\u2019ve reviewed the documents, we\u2019re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We\u2019ve always made security a top priority and we continue to invest in our defenses,\u201d Google\u2019s director of information security and privacy Heather Adkins said in a statement.<\/p>\n Finding flaws in iPhones and Android devices was important to the CIA\u2019s mission of surveilling targets because the security problems could allow the agency to eavesdrop on users\u2019 communications.<\/p>\n It\u2019s important to note that, although Google and Apple both say that most of the vulnerabilities are fixed, that doesn\u2019t mean all of them are. Users concerned about the security of their devices need to make sure they\u2019re updating to the latest software to get all of the security patches.<\/p>\n The Wikileaks disclosure has reignited a debate over whether U.S. intelligence agencies should disclose software vulnerabilities to companies so they can be fixed, or hoard them so they can be used for spying.<\/p>\n Mozilla\u2019s chief legal and business officer\u00a0Denelle Dixon highlighted the importance of disclosure in conversation with the New York Times<\/a>. \u201cThe C.I.A. seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance to fix it and protect users,\u201d Dixon said. \u201cAlthough today\u2019s disclosures are jarring, we hope this raises awareness of the severity of these issues and the urgency of collaborating on reforms.\u201d<\/p>\n Many tech industry advocates believe that the government has a responsibility to protect American businesses and consumers by notifying companies of security flaws, rather than keeping them secret and exploiting them. The Obama administration pushed a vulnerabilities equity process<\/a> to help government agencies determine when to disclose vulnerabilities to companies, but the Wikileaks documents raise questions about whether the VEP is effective.<\/p>\n \u201cThe White House vulnerabilities equities process spells out what the government should be doing when it comes into possession of 0-days,\u201d Alex Rice, chief technology officer of HackerOne, told TechCrunch. \u201cIt\u2019s unclear if it\u2019s been honored properly in this case. Were these\u00a0vulnerabilities handled in the way outlined by the previous administration? And if not, what do we do about that? Was the process illegitimate to begin with? It\u2019s restarting a\u00a0conversation we thought we had a clear answer to.\u201d<\/p>\n Rice, who worked on Facebook\u2019s security team before helping launch the bug bounty platform HackerOne, said the vulnerabilities Wikileaks reported in Samsung smart TVs had a personal impact on him: Wikileaks claimed the CIA spied on targets through their TVs, and Rice\u00a0has a Samsung TV facing his bed. \u201cI\u2019m not worried about the CIA eavesdropping on my television. If the CIA is going to conduct espionage on me, they have more than enough means to do so. What I am concerned about, if the U.S. government knows I have vulnerable tech in my bedroom, that has direct implications to my privacy. That\u2019s something I should know about as a taxpayer,\u201d Rice explained.<\/p>\n After all, if the CIA discovers a\u00a0security vulnerability in a popular product, it\u2019s only a matter of time before hackers or other nations\u2019 spy agencies find it too. The CIA knew it had been breached late last year, according to a Reuters report, which calls into question why Apple, Google, Samsung and others weren\u2019t alerted sooner.<\/p>\n \u201cEventually these vulnerabilities are not going to be secret any longer,\u201d Rice said. \u201cHow are we going to minimize the damage when that happens? This leak is proof of that. We are all at a disadvantage if Wikileaks has access to a 0-day in iPhone, Android, or\u00a0Samsung TV.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"![\"\"](\"https:\/\/tctechcrunch2011.files.wordpress.com\/2017\/03\/cia-headquarters.jpg?w=680\")
Wikileaks dumped thousands of alleged CIA documents online yesterday that contained lists of vulnerabilities in popular tech products, sending companies scrambling to make sure their security patches were up-to-date. But as companies reviewed the documents, it became clear that most of the vulnerabilities they contained were outdated.
\nApple first dismissed the majority of the listed iPhone… Read More<\/a><\/p>\n\n<\/img><\/a>
<\/img><\/a>
<\/img><\/a>
<\/img><\/a>
<\/img><\/a>
<\/img><\/a>\n<\/div>\n
<\/p>\n","protected":false},"author":5817,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[25],"tags":[59,66,26],"class_list":["post-335349","post","type-post","status-publish","format-standard","hentry","category-technology","tag-media","tag-techcrunch","tag-technology"],"_links":{"self":[{"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/posts\/335349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/users\/5817"}],"replies":[{"embeddable":true,"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/comments?post=335349"}],"version-history":[{"count":0,"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/posts\/335349\/revisions"}],"wp:attachment":[{"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/media?parent=335349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/categories?post=335349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/people.utm.my\/asmawisham\/wp-json\/wp\/v2\/tags?post=335349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}