Security researchers regularly reveal software vulnerabilities that hackers may have exploited, or even exploited in the past. In some cases, there are software issues that have not been used to hack or spy on users. In others, scientists identify malware and hacks that are actively used in the wild. As they release information about the attacks, the companies whose code was attacked have already released updates to fix the issues. And security researchers usually point out when they think the hacks are too sophisticated for a regular hacker to withdraw.
Google runs a notorious security team at Project Zero that analyzes all kinds of operating systems and products for vulnerabilities. Since January, the team has been producing research highlighting 1
Today’s top offer Amazon buyers are nuts for this 22-piece screwdriver set for sale for just $ 22 Price:$ 21.99 Available from Amazon, BGR can receive a commission Available from Amazon BGR can receive a commission
Whenever hackers backed by US rivals are responsible for recently discovered attacks, some researchers will go out and say that the hacks originated in China, North Korea or Russia. But Google’s Project Zero did not point the finger as they exposed these 11 zero-day bugs. The decision to end the cyber attack by a Western ally apparently caused some controversy in Google, MIT Technology Review have figured it out.
It is unclear which Western government had used the sophisticated attack or what kind of counter-terrorism they were waging. The MIT the report indicates that Google may have intentionally omitted the identity of the attackers. Google may know exactly who the hackers are and what the operation was. It is also unclear whether Google alerted the attackers before revealing the zero-day vulnerability in public.
Some Google employees have apparently argued that counter-terrorism should be out of bounds when it comes to disclosure. Others say that Google had the rights to protect the company’s products from imminent attacks that could harm end users. Google defended its actions in a statement:
Project Zero is dedicated to finding and patching 0-day vulnerabilities, and posting technical research designed to advance the understanding of new security vulnerabilities and exploitation techniques across the research environment. We believe that sharing this research leads to better defensive strategies and increases safety for all. We do not perform attribution as part of this survey.
The attackers used “watering holes” techniques that have never been seen to inject unknown websites with malicious software and deliver them to targets running Chrome and Safari on Android, iPhone and Windows devices. The attackers took advantage of the 11 zero days in just nine months, from February 2020. The level of attack and the speed of the attack is what bothered the researchers.
It told a former senior intelligence service in the United States MIT that Western operations are recognizable, and it is because of local laws that affect what spy agencies can and cannot do:
There are certain features of western operations that are not present in other devices … you can see it translated into code. And this is where I think one of the most important ethical dimensions comes in. How to deal with intelligence activity or law enforcement activity conducted under democratic supervision in a legally elected representative government is very different from an authoritarian regime.
The audit is baked into Western operations at the technical, tradecraft and procedural level.
It is unclear to what end the counter-terrorism operation may have been paralyzed, and these are the kind of secrets that will probably never be revealed to the public. The fact that so many vulnerabilities were discovered as quickly as possible is still troubling, as other skilled hackers may have found and exploited them – this is ultimately why Google chose to disclose the information. The silver lining of these revelations is that Western spies target specific groups of people, which means that most Android, iPhone and Windows users will not be affected.
As always, when revealing software vulnerabilities, the best course of action is to install all available operating system updates and to update all apps. The MIT Technology Reviews The story is worth reading in its entirety – it is available at this link.
Today’s top offer Cook the perfect steak and chicken every single time with this brilliant $ 34 Amazon find! List price:$ 49.99 Price:$ 33.99 You save:$ 16.00 (32%) Available from Amazon, BGR can receive a commission Available from Amazon BGR can receive a commission