Google says many Android exploits detailed in WikiLeaks CIA files are already fixed

Published Mar 9th, 2017 7:30AM EST
BGR

On Wednesday, a security expert noted that hundreds of millions of Android users are at risk following recent revelations resulting from the cache of top-secret CIA documents exposed by WikiLeaks. The documents appear to detail various hacking tools used by the CIA to exploit vulnerabilities in smartphones, tablets, computers, wireless routers, cars and other devices, allowing the agency to spy on people without their knowledge.

In typical WikiLeaks fashion, the site was far more concerned with exposure and making a splash than it was with actually helping anyone. So instead of working with the companies impacted by the vulnerabilities detailed in the CIA documents, as is customary when software vulnerabilities are identified, WikiLeaks simply released approximately 8,000 pages of allegedly leaked documents. Now companies are left to pick up the pieces as quickly as they can, and Google is the latest to address the massive leak.

Apple was quick to respond to the WikiLeaks dump of various internal CIA documents that appear at this point to be authentic. The documents detail dozens of hacking tools used by the agency to spy on people, but they also cover specific vulnerabilities in various devices and in several widely used operating systems, such as Windows, macOS, Android and iOS.

In its official statement, Apple said that “many of the issues” detailed in the leaked CIA documents have already been addressed in modern versions of the iOS operating system. The company also said that it is working to analyze and fix any remaining security holes that need to be patched, though no timeline was given. BGR exclusively spoke with a well-known iOS hacker on Wednesday, who is of the opinion that nothing detailed in the CIA files impacts iPhones with the most current version of iOS installed.

Now, Google has followed Apple’s lead, offering some good news to both Android and Chrome OS device users.

“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” said Heather Adkins, Google’s director of information security and privacy, in a statement to ZDNet. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”

The good news for many Android users is that the threat to modern devices appears to be minimal. The problem is devices running older versions of the Android OS, which still appear to be exposed to many of the vulnerabilities detailed in the leaked CIA documents. While iPhones and iPads have access to Apple’s new software updates the moment they are released, many Android devices don’t gain access to updates for months or even more than a year after they are released.

As we explained on Wednesday, according to Google’s own data, there are still hundreds of millions of smartphones and tablets in use that run Android 4.4 and older versions of Android. All of those devices may still be at risk, and it’s unclear when or even if Google plans to patch older versions of its mobile OS in order to secure them from the various hacking tools at the CIA’s disposal.

Zach Epstein Executive Editor
