WikiLeaks And The CIA Vault 7 Hack: Has Anything Happened?
Last month, a major news story served as a brief distraction for those focused on Russian hacking and the US election. WikiLeaks’ release of the so-called “Vault 7” documents spelled out an alleged CIA scheme to create exploits and take advantage of software vulnerabilities in Android, iOS and Windows devices, as well as appliances like Samsung smart TVs. The CIA’s supposed goal: conducting electronic surveillance not only on terrorists, but on ordinary Americans as well.
WikiLeaks claims it released the CIA documents to make the public aware of the alleged spy program, and to allow developers to patch their products’ vulnerabilities. WikiLeaks founder Julian Assange says he’ll eventually release all of the actual exploit code after the security holes have been fixed, and he’s offered to work with the companies to “help” them. He also claims he has much more information on the CIA’s “cyberweapons arsenal.”
The story made headlines – briefly. Most people, though, quickly turned their attention back to claims, counterclaims, denials and investigations in the Russia/US/Trump saga.
That doesn’t mean the CIA hack wasn’t a very big deal. Here’s what’s been going on in the weeks following the WikiLeaks Vault 7 dump.
Fixes
Most of the companies named in the documents, as you’d expect, are saying “nothing to see here.”
- Android and Chrome: Google claims that most of the exploits are already blocked in its latest software versions and that it’s continuing to patch any remaining holes. However, that doesn’t help the millions of users who don’t update regularly, those whose phones’ operating systems can’t be updated, and some of those whose devices use third-party implementations of Android. Android 4.0 to 4.1.2 and Chrome 32 to 39 are still vulnerable.
- iOS: Apple says its latest version is safe from the alleged CIA hacks, and that more than three-quarters of its users are now on the latest version.
- Microsoft and Samsung: Microsoft says it’s “looking into” the reported vulnerabilities, and Samsung is apparently even more concerned because it’s “urgently” looking into them. One would imagine that patches are either being deployed or being developed, but neither company has provided an update.
- Cisco: The company used the Vault 7 documents to find a flaw with default settings in Cisco cluster switches using IOS, and advises all users of these switches to connect via SSH and not Telnet for the time being.
The CIA and the Tech Industry
There’s been a frayed relationship between tech and US intelligence agencies for quite a while now, with the latest blowup coming over the FBI’s insistence last year that Apple unlock an iPhone belonging to a San Bernardino terrorist.
The two sides have been trying to rebuild relationships severely strained by the privacy/national security argument since then, but former CIA director General David Petraeus tells Southern California Public Radio that the WikiLeaks revelations are likely to once again damage any trust between the big tech companies and government security agencies.
As for the CIA? No apologies there; the Agency simply warns that WikiLeaks and Assange shouldn’t be viewed as “a bastion of truth and integrity” while refusing to authenticate any of the leaked material and insisting that the CIA will continue to be “cutting edge” in its efforts to protect America.
That’s all anyone’s saying for now, so feel free to go back to following the Russia story – after being sure all of your devices’ software has been updated, of course.