Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

Julian Assange’s Potentially Hollow Promise to Help Tech Firms Overcome CIA Hacks

Many of the problems are already fixed and technology companies may be reluctant to work with WikiLeaks—for now, at least.

A generous offer from Julian Assange to lend tech firms a hand in shoring up the security of their software in the wake of the WikiLeaks CIA data dump might not necessarily come to much.

Earlier this week, Assange’s WikiLeaks published thousands of files that are part of what it claims is the “largest ever publication of confidential documents” from the CIA. Present and former government staff say that the files appear to be genuine. We’ve already argued that the kinds of cyberweapons described in the files, and allegedly in use by the CIA, aren’t particularly revelatory from a technical perspective.

Still, they are a concern for tech companies whose hardware is compromised. That includes Samsung, whose smart TVs can apparently be repurposed as spy posts, as well as Apple and Google, whose smartphone operating systems, iOS and Android, find themselves threatened by targeted exploits that allow the CIA to gain partial remote control. WikiLeaks claims that it has source code for such attacks, though it has not yet published it.

Step forward the gallant knight Assange. “After considering what we think is the best way to proceed and hearing these calls from some of the manufacturers,” he explained during a press conference yesterday, “we have decided to work with them to give them some exclusive access to the additional technical details that we have so that fixes can be developed and pushed out, so that people can be secure.”

The technology world, it seems, is supposed to be grateful to Assange for this kindness and the fact that he’s willing to extend it despite his taste for radical transparency at all costs. But there are some problems with this promise.

First, it’s unclear why WikiLeaks didn’t simply share details of the CIA exploits with technology firms before going ahead and publishing the files. Security researchers, for instance, would typically alert companies to vulnerabilities before going public, allowing them a grace period in which to solve the problem before the news hits. Still, in WikiLeaks's defense, even opting to hold back the source code at all is an improvement on its previous "publish first, worry later" approach.

Second, a lot of the vulnerabilities listed in the files published so far are already old and fixed. Apple says that most of the flaws have already been spotted and patched in the latest version of iOS. Google says that users with the latest version of Android are protected from most of the hacks.

There’s also the fact that technology firms may not even take him up on the offer. According to the Financial Times (paywall), sources at some tech companies have decided that it might be “legally dangerous” to look at, let alone act on, the files without government permission. So even if it was useful to work with WikiLeaks, Assange’s promise may be of no practical use.

And then, of course, there’s the fact that Assange is notoriously media-savvy and the promise may be more bluster than substance. The Financial Times reports that he may be using the opportunity to sidle right into the center of an already fraught relationship between Silicon Valley and federal agencies to refresh his notoriety. Jake Williams, founder of security firm Rendition Infosec, meanwhile, is even more blunt: he told Wired that it all “sounds like pure hype.”

The situation may yet change. WikiLeaks has so far only published part of the full set of files that it claims to have in its possession, and it’s unclear how explosive the remaining tranches will be. But for now, it looks like technology companies may try to get by without his help.

(Read more: Reuters, Wired, Financial Times (paywall), "The Wikileaks CIA Stash May Prove Interesting, But Not Necessarily for the Hacks," “Transparency and Secrets”)

AI is here. Will you lead or follow?
Join us at EmTech Digital 2019.

Register now
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.