Tech companies are reluctant to sign agreement with Wiki

Mar 20, 2017 13:53 GMT  ·  By

It's been quite a few days since WikiLeaks promised it would work with tech companies to patch the security exploits featured in the CIA leak, but no steps have been taken thus far. 

Following the reveal of the Vault 7 files from WikiLeaks, multiple files indicated the CIA used zero-day exploits to get into people's systems, including Android and iOS devices, Windows PCs, Macs and Linux PCs. After exposing all these files for the world to see, a lot of pressure was put on WikiLeaks because they did not go to the tech companies beforehand, helping them patch up their systems. 

In response, WikiLeaks said they would work with tech companies to secure everything. Motherboard writes, however, that WikiLeaks made demands on the companies before it would hand over the details needed to patch the vulnerabilities, including a requirement to issue security patches within 90 days. Depending on the size of the bug, this may or may not be possible. There's also the fact that companies may not want to sign up to anything without knowing what the flaws are. 

Wiki has a side of its own

The same sources say, however, that companies are somewhat reluctant to write patches based on WikiLeaks' information because there are concerns about the origins of the leak. The CIA could not confirm they are original because intelligence agencies never can. That makes everyone worry that Russia may have been responsible for forwarding the info to WikiLeaks and, in the process, may have tweaked the information, which could make companies open up their systems instead of making them safer. 

WikiLeaks has a different take on the story and says that companies such as Google are taking their time because they are, in fact, working with the US government and their relationship prevents them from fixing these kinds of flaws. 

It looks like everyone is suspicious of the other and, given the circumstances, some have more rights to be wary than the others.