Image credit: Saul Loeb/AFP/Getty Images

WikiLeaks won't share CIA exploits unless companies meet terms

It claims that Google and others are dragging their heels.

WikiLeaks offered to work with tech companies to patch the CIA's leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks "made demands" of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They're worried that Russia might have been responsible for forwarding the info.

WikiLeaks has confirmed the core of the story, but has a decidedly different take on the situation. While it acknowledges that most of the companies haven't taken action, it claims that Google and others aren't reacting to WikiLeaks' "industry standard responsible disclosure plan" due to "conflicts of interest" from their work with the US government. Supposedly, they're prevented from fixing these kinds of flaws due to their contracts.

More details on this situation are coming next week, WikiLeaks says. However, it's already threatening to name and shame companies by comparing their responsiveness with their "government entanglements." It points out that Mozilla and some European firms have been quicker to respond and have received some exploit data.

While it's difficult to know who's right, some caution is definitely necessary. WikiLeaks has a habit of playing up leaks, such as implying that the CIA could crack encrypted chat apps (it can only crack the devices used by those apps). Although leaks have suggested that companies might cooperate with US agencies, the truth in this case could be decidedly less exciting. Even a company fully opposed to backdoor surveillance may not want to patch flaws unless it's absolutely sure that it's legal to do so.
