How significant is this development?
It should be quicker for the software makers to find and patch the security holes than for the hackers to develop and issue viruses that take advantage of those holes. But you’ll want to watch for and keep up to date on updates for any networked device that you own for the next month or so.
From the CIA’s standpoint, presumably the main issue will be that they’ll start going blind globally, as people start to update their software. Without knowing how much of their intel depends on software hacks, I couldn’t say how big the impact is to them.
Shouldda posted a link:
There are going to be a lot of devices with holes that will remain unpatched.
Cell phone companies declare a model “old” in a remarkably short period of time and don’t issue updates. Some makers don’t even issue security patches at all. What you have on the phone is what you get … forever. And since Android phones are so incredibly common, a lot of people are at risk of miscreants.
(Since Cyanogenmod vaporized, installing your own updated Android OS on these is getting harder.)
Many IoT devices are also either unpatchable or unlikely to be patched. A lot of those “smart” things are just waiting to be exploited. And it’s not just that your thermostat can be messed with, it can be used as a vector to penetrate the rest of your network.
I have a router that I need to replace since the maker has decided it’s too old to support despite not being at all old. Grrr.
And routers are a persistent vulnerability hazard anyway. And once breached, a Black Hat can do all sorts of things on your network.
Even with devices that will have patches issued, history has shown that a high number of them will never be patched. Both businesses and individuals just don’t care that much if their machines are sending out spam, doing fake ad clicks, distributing files, etc.
It gets better.
WikiLeaks will share CIA hacking details with companies, but can they use it?
Talk about a tough place to be. It’s virtually guaranteed that since the info is now ‘in the wild’ it will rapidly spread to people and organizations who are much less well-intentioned than the CIA.