As the CIA seeks to find more zero-day vulnerabilities to exploit, companies search for ways to counter that

Mar 9, 2017 09:55 GMT  ·  By

Google claims that it has already fixed many of the vulnerabilities discussed in the WikiLeaks Vault 7 revelations regarding the extensive hacking capabilities of the CIA.

According to the huge file dump from WikiLeaks, which is comprised of alleged CIA documents containing lists of vulnerabilities in popular tech products, including Google's Android and Apple's iOS, CIA's hackers discovered zero-day vulnerabilities, exploited them, and managed to get into targeted phones, bypassing encryption settings set into various messaging apps and so on.

"As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing, and we will implement any further necessary protections. We've always made security a top priority, and we continue to invest in our defenses," came Google's statement via Heather Adkins, director of information security and privacy.

Given Google's statement, we can assume that some of the bugs the CIA is exploiting haven't been fixed or Google has no idea what they are, and that's normal. In fact, it's because of instances such as this one that Google and other companies have demanded that the intelligence agencies in the United States immediately report zero-day vulnerabilities they discover. Keeping them locked up and exploiting them for their own game puts millions upon millions of people at risk. After all, if one hacker managed to find the security hole, others may as well, others that have even more nefarious purposes.

The worst part - exploiting zero-day vulnerabilities

The tech industry as a whole reacted to the file dump, expressing concern over CIA's tendency to stockpile vulnerabilities instead of sharing information with the affected services.

"The CIA seems to be stockpiling vulnerabilities, and WikiLeaks seems to be using that trove for shock value rather than coordinating disclosure to the affected companies to give them a chance o fix it and protect users. [...] We hope this raises awareness to the severity of these issues and the urgency of collaborating on reforms," said Mozilla's chief legal and business officer Denelle Dixon to the New York Times.

Files exposed by WikiLeaks in its Vault 7 release indicate the CIA has many ways to control the most popular gadgets and always looks into finding new ways to break into them. Malware, viruses and other types of exploits are something the CIA works on regularly.