It looks like WikiLeaks won't play it nice. The anti-secrecy organisation told last week that it would share the CIA hacking tools that affected a handful of major tech companies. While it was unclear at that time how WikiLeaks would cooperate with the companies, the group's founder Julian Assange finally made his intentions clear this week – no sharing of vulnerabilities until certain demands are met.
As promised, WikiLeaks made the initial contact by sending an email to Apple, Google, Microsoft and all other companies mentioned in the leaked documents. However, instead of disclosing the relevant data, it made certain demands that the affected tech companies need to fulfill before gaining access to the technical details and code of the hacking tools WikiLeaks has in its possession, Motherboard reported, citing sources familiar with the matter.
Although the exact conditions are still unknown, a source told Motherboard about a 90-day disclosure deadline, which would require companies to deploy a patch within three months of receiving the technical details.
Although some of the affected companies said that recent security updates had already fixed the issues mentioned in the WikiLeaks documents, they would probably like to check out WikiLeaks has in store to ensure proper deployment patches.
Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?
— WikiLeaks (@wikileaks) March 8, 2017
However, due to potential legal issues and lack of intent from CIA to reveal the exploits itself, the tech companies are in a dilemma on whether to obtain details from the highly-classified documents that are also suspected to have been leaked to WikiLeaks by the Russian government.
"WikiLeaks and the government hold all the cards here, there's not much the tech companies can do on their own besides rabidly looking through their code to look for any issues that might be related," a source told Motherboard.