FRANKFURT, March 8- Tech companies must rapidly step up information-sharing to protect users from prying eyes, a security software executive said on Wednesday after WikiLeaks released a trove of data purporting to show that the CIA can hack all manner of devices. \u00ab\u00a0We can…<\/b>
(Tweaks first paragraph, adds Google declining to comment; changes slug to conform to previous stories)
FRANKFURT, March 8 (Reuters) – Tech companies must rapidly step up information-sharing to protect users from prying eyes, a security software executive said on Wednesday after WikiLeaks released a trove of data purporting to show that the CIA can hack all manner of devices.
Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization’s revelations, although some said they needed far more information on what the U. S. intelligence agency was up to before they could thwart suspected but previously hidden attacks.
Sinan Eren, vice president of Czech anti-virus software maker Avast, called on mobile software makers Apple and Google to supply security firms with privileged access to their devices to offer immediate fixes to known bugs.
\u00ab\u00a0We can prevent attacks in real time if we are given the hooks into the mobile operating system,\u00a0\u00bb Eren said in a phone interview from Silicon Valley, where he is located.
\u00ab\u00a0If we can drive a paradigm shift where mobile platforms don’t shut off access, we’ll be better able to detect when hackers are hiding in a mobile (phone),\u00a0\u00bb he said.
Avast, which counts more than 400 million users of its anti-virus software worldwide, was named in the WikiLeaks documents as one of the security vendors targeted by the CIA in a leaked page labeled \u00ab\u00a0secret\u00a0\u00bb but lacking further details.
The leaks – which WikiLeaks described as the biggest in the Central Intelligence Agency’s history – had enough technical details for security experts and product vendors to recognize that widespread compromises exist. However, they provided few specifics needed to offer quick fixes.
Reuters could not immediately verify the validity of the published documents, but several contractors and private cyber security experts said the materials appeared to be legitimate. (http:\/\/reut.rs\/2mEIxjU)
The 8,761 leaked documents list a wealth of security attacks on Apple and Google Android smartphones carried by billions of consumers, as well as top computer operating systems – Windows, Linux and Apple Mac – and six of the world’s main web browsers.
Apple said in a statement that nearly 80 percent of iPhone users run its current iOS software with the latest security patches. \u00ab\u00a0Many of the issues leaked today were already patched in the latest iOS; we will continue work to rapidly address any identified vulnerabilities,\u00a0\u00bb Apple said on Tuesday. The statement made no reference to attacks on its computer software.
Google declined to comment, while a Microsoft spokeswoman said: \u00ab\u00a0We’re aware of the report and are looking into it. \u00a0\u00bb
Widely-used routers from Silicon Valley-based Cisco were listed as targets, as were those supplied by Chinese vendors Huawei and ZTE and Taiwanese supplier Zyxel for their devices used in China and Pakistan.
Cisco security team members said in a blog post that because WikiLeaks has not released any of the actual hacking exploits, \u00ab\u00a0the scope of action that can be taken by Cisco is limited. \u00a0\u00bb
Omar Santos, a principal engineer in Cisco’s security response unit, said malware appears to be targeting whole families of Cisco devices but is designed to remain hidden so as to steal data unnoticed. He said Cisco assumes WikiLeaks will eventually disclose the hacks, allowing it to fix them.
Huawei declined to comment. ZTE and Zyxel were not immediately available to respond.
STAY OF EXECUTION
Messaging apps protected by full software encryption also appear to be vulnerable to hacking of the smartphones themselves, communications app provider Telegram said in a blog post. But one positive outcome may be that device and software makers will be able to close up these holes, it said.
\u00ab\u00a0This is not an app issue. It is relevant on the level of devices and operating systems like iOS and Android,\u00a0\u00bb Telegram stated, adding: \u00ab\u00a0The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn’t start worrying just yet. \u00a0\u00bb
The WikiLeaks collection contains a mix of copious data and empty files marked \u00ab\u00a0secret\u00a0\u00bb that promised more details to come on attacks against more than 15 security software firms.
U. S. cyber security expert Robert Graham said WikiLeaks provided enough detail to recognize some known vulnerabilities.
\u00ab\u00a0One anti-virus researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak,\u00a0\u00bb Graham said in a blog post.
Some security experts said the CIA’s possible use of tools from other spy agencies raised the risk of false attribution for targeted cyber attacks by the U. S. intelligence agency.
He said CIA cyber spying efforts could be set back years.
The CIA and White House declined comment. \u00ab\u00a0We do not comment on the authenticity or content of purported intelligence documents,\u00a0\u00bb CIA spokesman Jonathan Liu said in a statement.
WikiLeaks said it aims to provoke a political and legal debate about the CIA’s cyber arsenal. However, it was holding back, for now, much of the technical documentation that would allow other hackers and cyber criminals to exploit the hacks – while putting vendors on notice to expect further revelations.
The organization said in a statement it is \u00ab\u00a0avoiding the distribution of ‘armed’ cyber weapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should be analyzed, disarmed and published. \u00a0\u00bb
It described sophisticated tools for targeting the devices of individual users, in contrast to the revelations by former National Security Agency contractor Edward Snowden of mass data collection on millions of web and phone users worldwide.
(Editing by David Stamp\/Mark Heinrich)<\/p>\n