WikiLeaks published “Vault 7”, a collection of about 10,000 CIA documents created between 2014 and 2016, this past Tuesday. These documents contain the CIA’s collection on specific software vulnerabilities.
Tech companies such as, Apple, Microsoft and Samsung were specifically mentioned in the documents, in regard to, security holes the CIA uses to hack into their specific smart devices. For example, The CIA can use Samsung’s Smart TV to listen to people even when the TV appears to be off. All three of these companies have addressed the security flaws mentioned and state that they are “looking into” them.
Apple commented late Tuesday, “While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.” They went on to say, “We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
The Vault 7 leak has brought to light new criticism of the CIA and other intelligence agencies’ practice of discovering security flaws in popular hardware and software, and failing to disclose the flaws to the manufacturers. Both the CIA and Trump administration have denied any comment on the authenticity of these files.
Cybersecurity expert, Vinny Troia commented, “The CIA hiding the security holes in these devices from the manufacturers is frowned upon, but what I really find to be irresponsible is what Wikileaks did. In one breath, they are saying ‘look at all of this technology that the CIA has to spy and harm everyone’, and on the other hand they are saying ‘here it is. Enjoy!’ Just proves the importance of detecting security weaknesses within your own network before they can be used by cyber criminals.”