A vast portion of the CIA’s computer hacking arsenal was exposed on Tuesday by WikiLeaks. The anti-secrecy organization posted thousands of files revealing known exploits and device vulnerabilities used by the CIA to convert devices such as smartphones and televisions into tools of espionage.

WikiLeaks labeled the trove of files “Vault 7” and said that it contains several hundred million lines of code, many of which are designed to exploit vulnerabilities in everyday consumer devices.

Likened to the Snowden files, which revealed massive surveillance programs, the CIA documents appear mainly to unmask hacking methods.

Some are worried that WikiLeaks could undermine the CIA’s ability to carry out key parts of its mission, from targeting terrorist networks to penetrating the computer defenses of adversaries like Russia.

Do the CIA mobile hacks pose a threat to business?

The Wandera threat research team have been trawling through these documents since the moment they were published, which span more than 8,000 files and other items. We understand that much of the information disclosed dates back to the start of 2016 and earlier, meaning many of the vulnerabilities will concern older devices and outdated versions of operating systems. On this basis, the expectation is that the vulnerabilities published are unlikely to pose any new threat to the vast majority of organizations, and that many of the exploits will have already been identified and fixed by security vendors like us, or by the technology firms themselves.

We do however, take this news extremely seriously, and are doing everything possible to ensure Wandera customers remain protected from every known threat as they emerge.

Some of the leaked documents point to new vulnerabilities in IoT devices, such as those found in the home. It also uncovers how modern security thinking from the CIA considers both network (data-level) and end-point (device-level) infrastructures as potential targets for attackers, especially at points where data has been shared unencrypted.

Keeping an intelligent eye on mobile data

It’s with this in mind that Wandera’s unique gateway architecture was engineered. It also informs the development of MI:RIAM, our mobile intelligence engine that detects and flags new vulnerabilities and possible threats. This means that not only is Wandera able to identify zero-day threats, but can also instantly respond to new information published and shared by other organizations.

Using MI:RIAM and other technologies, we detect new vulnerabilities on a regular basis. The most of important of these are shared with the corporations and tech companies involved, following conventional responsible disclosure guidelines. Only on very rare instances will we distribute our discoveries more widely, in the interests of our customer base. You can view a selection of these in our threat advisory section, or in our recent ‘Panama Papers’ release.

The delicate balance of privacy and protection

It’s no surprise that the CIA finds vulnerabilities like those shared this week. We know that the security frontier is a never-ending race between security vendors, technology firms, hackers and government agencies. What the CIA must now consider is whether it strikes the right balance between protecting civilians and exposing criminals. Wandera’s role will be to identify and prevent as many of these threats as possible, and respond to what has become an unpredictable and quick-changing mobile security landscape.