We had two stories submitted pertaining the recent announcement that Wikileaks claimed it had received a cache of CIA hacking tools.
Security firms have started assessing the impact of the CIA hacking tools exposed on Tuesday by WikiLeaks as part of the leak dubbed "Vault 7."
Files allegedly obtained from a high-security CIA network appear to show that the intelligence agency has tools for hacking everything, including mobile devices, desktop computers, routers, smart TVs and cars.
The published files also appear to show that the CIA has targeted the products of many security solutions providers, including anti-malware and secure messaging applications. The list of affected vendors includes Symantec, Kaspersky, Avira, F-Secure, Microsoft, Bitdefender, Panda Security, Trend Micro, ESET, Avast, AVG, McAfee, Comodo and G Data.
While WikiLeaks has not released any of the exploits it has obtained, an initial investigation conducted by security firms indicates that the CIA's capabilities may not be as advanced as some have suggested.
[...] WikiLeaks reported that the CIA had found a way to bypass the encryption of Signal, Telegram, WhatsApp and other secure messaging applications.
While many jumped to conclude that the agency had actually broken the encryption of these apps, WikiLeaks actually meant that gaining access to a mobile device using iOS and Android exploits could have given the CIA access to conversations, without having to break their encryption.
Source: http://www.securityweek.com/security-firms-assess-impact-cia-leak
Julian Assange has offered tech companies exclusive access to CIA hacking tools so that they can patch flaws in their software. However, some of the companies claim to have already patched the exploits:
WikiLeaks will provide technology companies with exclusive access to CIA hacking tools that it possesses, to allow them to patch software flaws, founder Julian Assange said on Thursday. The offer, if legitimate, could put Silicon Valley in the unusual position of deciding whether to cooperate with Assange, a man believed by some U.S. officials and lawmakers to be an untrustworthy pawn of Russian President Vladimir Putin, or a secretive U.S. spy agency.
It was not clear how WikiLeaks intended to cooperate with technology companies, or if they would accept his offer. The anti-secrecy group published documents on Tuesday describing secret Central Intelligence Agency hacking tools and snippets of computer code. It did not publish the full programs that would be needed to actually conduct cyber exploits against phones, computers and Internet-connected televisions. [...] Several companies have already said they are confident that their recent security updates have already accounted for the purported flaws described in the CIA documents. Apple said in a statement on Tuesday that "many of the issues" leaked had already been patched in the latest version of its operating system.
(Score: 0) by Anonymous Coward on Friday March 10 2017, @05:00AM
Haven't you heard? They're trying to put "the wall" back up again.