On 6/2, Robert O'Harrow Jr. wrote a very interesting article for the Washington Post on zero-day exploits. A zero-day exploit is a previously undiscovered vulnerability in a computer system which allows a hacker to exploit that system. In the article, O'Harrow Jr. covered the efforts by one whitehat hacker to find a zero-day exploit in the iPhone's operating system. The whitehat's methods were particularly interesting; he devised an intricate system for finding the zero-days by "fuzzing" the iPhones and forcing them to crash. In the end, the whitehat ending up successfully breaking into the iPhone and winning a hacking competition.
Apple ended up patching the vulnerability, but I don't think that's really the point. Unlike the whitehat hacker mentioned in this WashPo article, blackhats will seek out zero-days with less than noble intentions, and they will successfully exploit them. At the end of the day, should we just assume that our systems will be comprised?
Leave a Reply