Security researchers regularly uncover software vulnerabilities that hackers can exploit or have even exploited in the past. In some cases, they are software issues that did not hack or spy on users. In other cases, researchers identify malware and hacks that are actively used in the wild. By the time they release information about the attacks, the companies whose code was attacked have already released updates to address the issues. And security researchers usually point it out when they believe the hacks are too sophisticated for a normal hacker to perform.
Google runs a notorious security team at Project Zero that analyzes all types of operating systems and products for vulnerabilities. Since January, the team has conducted research that highlighted 11 zero-day exploits is used to compromise Android, iPhone and Windows. Project Zero was a scientist back in January pointed out the sophistication of attacks that used previously unknown vulnerabilities in Chrome and Safari code. It turns out that the hackers behind the campaign that Google found came from a nation-state. You were part of a counterterrorism operation initiated by a Western ally, and the operation was still ongoing when Project Zero began uncovering the software issues.
Today’s top offer Amazon buyers are crazy about this 22-piece screwdriver set, which is available for just $ 22 Price:$ 21.99 BGR is available on Amazon and may receive a commission Available at Amazon BGR can receive a commission
Whenever hackers backed by US rivals are responsible for a newly discovered attack, some researchers say the hacks came from China, North Korea, or Russia. However, no fingers were shown in Google’s Project Zero while these 11 zero-day errors were exposed. The decision to end a Western ally’s cyberattack apparently sparked some controversy within Google. MIT Technology Review has discovered.
It is unclear which Western government used the sophisticated attack or what type of counterterrorism they carried out. The WITH The report indicates that Google may have deliberately omitted the identity of attackers. Google may know exactly who the hackers are and what the operation was like. It is also unclear whether Google notified the attackers before the zero-day vulnerabilities were publicly disclosed.
Some Google employees appear to have argued that counter-terrorism should be out of bounds in terms of disclosure. Others say Google was within its rights to protect the company’s products from impending attacks that could harm end users. Google defended its actions in a statement:
Project Zero is dedicated to finding and patching 0-day vulnerabilities and publishing technical research to improve understanding of novel vulnerabilities and exploitation techniques across the research community. We believe that sharing this research will lead to better defense strategies and increase security for all. We are not performing any attribution as part of this research.
The attackers used never-before-seen “watering” techniques to inject malware into unknown websites and deliver it to targets running Chrome and Safari on Android, iPhone and Windows devices. The attackers took advantage of the eleven zero days in just nine months from February 2020. The level of sophistication and speed of the attack worried the researchers.
A former senior US intelligence official said WITH that western operations are detectable, and that’s because of local laws affecting what spy agencies can and cannot do:
There are certain characteristics in western operations that are not present in other entities. You can see they are being translated into code. And here, in my opinion, one of the most important ethical dimensions comes into play. How to deal with intelligence or law enforcement activities conducted under democratic oversight within a legally elected representative government is very different from that of an authoritarian regime.
The oversight is burned into Western operations on a technical, manual and procedural level.
It is unclear for what purpose the counter-terrorism might have been crippled, and these types of secrets are unlikely to be revealed to the public. The fact that so many vulnerabilities were discovered so quickly is still problematic as other skilled hackers may have found and exploited them – which is why Google ultimately decided to divulge the information. The silver lining of these revelations is that Western spies were targeting specific groups of people, which means most Android, iPhone, and Windows users shouldn’t be affected.
As always, the best course of action for disclosing software vulnerabilities is to install all available operating system updates and update all apps. The MIT Technology Review’s The story is worth a full read – it is available with this link.
Today’s top offer Cook perfect steak and chicken every time with this brilliant $ 34 Amazon find! List price:$ 49.99 Price:$ 33.99 You save:$ 16.00 (32%) BGR is available on Amazon and may receive a commission Available at Amazon BGR can receive a commission