Earlier this month, WikiLeaks published the first part of the “Vault7" series of leaks, called “Year Zero”, which included 8,761 documents and files from CIA’s Center for Cyber Intelligence in Virginia. The documents claim that the CIA has developed several tools to infect all kinds of devices, from PCs to Smart TVs, including those devices not connected to the internet or other insecure networks.
Julian Assange has since promised that WikiLeaks would work with the affected tech companies to give them exclusive access to the technical details of those exploits, instead of going completely public about the malware, viruses, trojans and zero-day exploits codes. But it wasn't until this week that WikiLeaks got in contact with the cited tech companies via email.
According to unnamed sources familiar with the matter, WikiLeaks has made demands on the initial contact with firms such as Apple, Microsoft and Google, but didn't share any of the alleged CIA codes. Attached to the email sent to those companies was a document containing a series of undisclosed conditions that should be signed off by them before receiving further information from WikiLeaks.
The only condition revealed for the press until now was a 90-day disclosure deadline to compel companies to release patches for their software's vulnerabilities. It is not the first-time that tech companies have received a deadline to release patches once vulnerabilities are disclosed to them. Google, for example, has been doing so for quite some time through its Project Zero, particularly when dealing with Microsoft Windows vulnerabilities, sometimes providing only a 10-day disclosure deadline.
Unfortunately, it is not yet clear if tech companies will make use of any info that may be shared by WikiLeaks in the future. Due to the illegal origin of those files, which are classified by the US government, the use of the info they contain to patch the disclosed vulnerabilities may also be illegal.
Source: MotherBoard
19 Comments - Add comment