Latest in Culture

Image credit: Saul Loeb/AFP/Getty Images

WikiLeaks won't share CIA exploits unless companies meet terms

It claims that Google and others are dragging their heels.
689 Shares
Share
Tweet
Share
Save

Sponsored Links

Saul Loeb/AFP/Getty Images

WikiLeaks offered to work with tech companies to patch the CIA's leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks "made demands" of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They're worried that Russia might have been responsible for forwarding the info.

WikiLeaks has confirmed the core of the story, but has a decidedly different take on the situation. While it acknowledges that most of the companies haven't taken action, it claims that Google and others aren't reacting to WikiLeaks' "industry standard responsible disclosure plan" due to "conflicts of interest" from their work with the US government. Supposedly, they're prevented from fixing these kinds of flaws due to their contracts.

More details on this situation are coming next week, WikiLeaks says. However, it's already threatening to name and shame companies by comparing their responsiveness with their "government entanglements." It points out that Mozilla and some European firms have been quicker to respond and have received some exploit data.

While it's difficult to know who's right, some caution is definitely necessary. WikiLeaks has a habit of playing up leaks, such as implying that the CIA could crack encrypted chat apps (it can only crack the devices used by those apps). Although leaks have suggested that companies might cooperate with US agencies, the truth in this case could be decidedly less exciting. Even a company fully opposed to backdoor surveillance may not want to patch flaws unless it's absolutely sure that it's legal to do so.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
689 Shares
Share
Tweet
Share
Save

Popular on Engadget

Relive Yamaha's synth history without leaving the couch

Relive Yamaha's synth history without leaving the couch

View
Tilt Five wants to bring augmented reality to tabletop games

Tilt Five wants to bring augmented reality to tabletop games

View
What's on TV this week: 'The Good Place'

What's on TV this week: 'The Good Place'

View
Facebook acquires neural monitoring startup CTRL-labs

Facebook acquires neural monitoring startup CTRL-labs

View
Samsung brings Note 10's AR and camera features to the Galaxy S10

Samsung brings Note 10's AR and camera features to the Galaxy S10

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr