Wikileaks begins helping companies exploited in Vault 7
Wikileaks has begun reaching out to the tech companies affected in their release of Vault 7, after a majority of Wikileaks supporters showed overwhelming support. Vault 7 is a devastating leak the CIA suffered after Wikileaks released ‘Year Zero,’ part one of a multi-series leak revealing the CIA had weaponized exploits for every major companies products including Apple, Google, Microsoft, Samsung among countless others.
After Wikileaks published the documents detailing these aggressive exploits the CIA hoarded, many asked Wikileaks if they were going to help major companies patch these exploits to keep the public safe.
Shortly after their supporters begged the question, Wikileaks published a poll on Twitter, asking supporters if they’d like to see Wikileaks reach out to these companies and provide more information or let them suffer.
After an astounding 52,461 votes, 57% of Wikileaks supporters were in favor of the organization reaching out to aid Apple, Google among others severely affected by the leak.
What companies has Wikileaks contacted?
Six days after the Wikileaks poll, they published a tweet mentioning the companies they’ve reached out to. According to Wikileaks, their organization is currently in contact with Apple, Google, Microsoft, MicroTik, and Mozilla, to help patch the CIA abused vulnerabilities.
It’s currently unclear if Wikileaks will work with more affected companies, or may even reach out to the companies prior to publishing more information on exploits in their products.
This type of action is uncommon for Wikileaks, to work or provide information directly to tech companies. But due to the different nature of this leak, this type of action is necessary. Wikileaks confirmed that they would not publish the specific exploits or weaponized hacking data, until they can find a time to deweaponize it.
Meaning tech companies don’t have the exact exploit code or areas targeted in their products. Making it much harder to patch the exploits. Wikileaks has made it clear their intent is not to start a cyber war and give everyone access to the tools the CIA possess.
What exploits are going to be patched?
Within Vault 7, we learned that the CIA had several exploits to gain full control of targets mobile phones, browsers, computers and even TV’s, from companies including Apple, Google, Blackberry, Microsoft, Mozilla, Nokia, Samsung among several others. Year Zero revealed the CIA has:
- 14 iOS exploits that allowed control over the device
- 24 “weaponized” Android “zero days” as of 2016
- Unknown number of exploits in Blackberry
- Unknown number of exploits in Nokia
- Weeping Angel: an extensive operation that allowed the CIA to eavesdrop on Smart TV’s micirophone
- Unknown number of exploits in Samsung
- Detailed knowledge of Siemens, the largest manufacturing and electronics company in Europe
- Hoarded weaponized vulnerabilites in Windows, Mac and Linux
These are what we currently know of, but like Wikileaks said, they are working with companies like MicroTik and Mozilla, whose names were hardly mentioned in Vault 7. A number of patches in Apple and Android are likely to be rolling out over the next month.
A number of these vulnerabilities are already patched
What may be shocking is that a both Apple and Google noted that they had discovered a majority of these vulnerabilities and patched them as early as January of this year.
Apple made a statement that their January update addressed a majority of these extreme vulnerabilities in iOS. Google also mentioned a number of these Android exploits had been patched throughout numerous updates.
Wikileaks has a lot more data to publish, as the organization said that they’ve released less than 1% of everything Vault 7 contains. We can only hope the foundation continues to work with tech companies to help protect the citizens from a rogue government.