Wikileaks dumped thousands of alleged CIA documents online yesterday that contained lists of vulnerabilities in popular tech products, sending companies scrambling to make sure their security patches were up-to-date. But as companies reviewed the documents, it became clear that most of the vulnerabilities they contained were outdated.
Apple first dismissed the majority of the listed iPhone vulnerabilities in a statement last night, and now Google and other firms are following suit.
“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses,” Google’s director of information security and privacy Heather Adkins said in a statement.
Finding flaws in iPhones and Android devices was important to the CIA’s mission of surveilling targets because the security problems could allow the agency to eavesdrop on users’ communications.
It’s important to note that, although Google and Apple both say that most of the vulnerabilities are fixed, that doesn’t mean all of them are. Users concerned about the security of their devices need to make sure they’re updating to the latest software to get all of the security patches.
The Wikileaks disclosure has reignited a debate over whether U.S. intelligence agencies should disclose software vulnerabilities to companies so they can be fixed, or hoard them so they can be used for spying.
Mozilla’s chief legal and business officerDenelle Dixon highlighted the importance of disclosure in conversation with the New York Times . “The C.I.A. seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance to fix it and protect users,” Dixon said. “Although today’s disclosures are jarring, we hope this raises awareness of the severity of these issues and the urgency of collaborating on reforms.”