After the hubbub died down, the first of WikiLeaks’ much-touted “Vault 7” dumps turns out to have revealed little about the CIA’s hacking abilities.
In fact, numerous information security experts say it demonstrates quite the opposite: That instead of widespread, unchecked hacking capabilities (of the sort Edward Snowden revealed in 2013), the CIA now has to develop (and pay for) expensive exploits, then apply them to individual devices on a selective basis. Read more on that here.
What’s more, the exploits it detailed were manageable enough that Apple had already patched many of them, the company told HuffPost in a statement.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” Apple said. The company urged users to install the latest updates, as that’s always the best way to keep devices secure.
“The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way,” Apple added.
“Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system.”
Google pledged to follow suit, telling The Huffington Post in a statement that it is analyzing the documents and that security updates to both Android and Chrome “already shield users from many of these alleged vulnerabilities.”
“Our analysis is ongoing and we will implement any further necessary protections,” said Heather Adkins, Google’s director of information security and privacy. “We’ve always made security a top priority and we continue to invest in our defenses.”
Generally speaking, Android devices tend to be less secure than iPhones, given the diversity of devices running Android and manufacturers’ often glacial pace in rolling out updates.
While Apple said nearly 80 percent of users are running the latest, most secure version of iOS, recent reports show less than 3 percent of users are running Android’s most recent version, named “Nougat.” (Supposedly President Donald Trump uses an outdated version of Android.)
What does this mean for users? Not much. The best things to do: Keep your phone up to date and follow basic information security best practices such as using two-factor authentication and unique passwords.
Or as technology sociologist Zeynep Tufekci put it:
“Sensationalists want you to worry about meteors; instead you should put down anti-slip stuff in the bathtub.”
This story has been updated with comment from Google.