What is a zero-day?

We answer your security question, “What is a zero-day?”

Here’s a hint: ‘zero’ is how much notice you get that this attack is coming.

Watch here:

 

Surprise

Doug locks his house to keep burglars out.

He knows they can jimmy his front door or break a window, so he installed a security alarm and cameras.

But he doesn’t know that there’s a hidden door in his basement, behind an old dresser.

And that’s how the burglar gets in.

That is like a zero-day in the digital world, a surprise security hole that people now have to patch — often, when it’s too late.

Many Secret Doors

Unlike Doug’s basement, your digital house is a catacomb of unexplored doors and tunnels.

And cyber crooks are busy unlocking and infiltrating.

Luckily, researchers are, too, trying to find the zero-days before the bad guys do.

Last week, reports said attackers used a zero-day flaw in the messaging service WhatsApp to spy on people.

The attackers discovered that all they had to do was make a call and they could put spyware on your phone.

 

Icon for zero-day victim WhatsApp
Attackers used a zero-day flaw in WhatsApp to put spyware on people’s phones, reports said. Image: LoboStudioHamburg

Last month, a researcher reported a zero-day flaw in the TP-Link SR20 smart hub and home router that some people use to run their smart homes.

The bad guys could use the flaw to take over your smart home from the inside out, according to the researcher’s report.

Big Zero-Days 

On a larger scale, attackers used a zero-day flaw to get into the safety system at an industrial plant in the Middle East in 2017, giving them the opportunity to cause damage at the plant.

A number of companies fix the flaws right away when they learn about zero days in their products, but some do not, leaving you vulnerable.

What can you do?

Keep up good security habits so they’re less likely to affect you.

If you make your passwords strong and use two-factor authentication, you’re less likely to  get hurt.

Use a password manager to keep track of those long, strong passwords.

And before you buy a smart device, do research to see how the maker responds to zero-days.

Do they patch them up, or do they leave you hanging?

For example, WhatsApp said it fixed the spy vulnerability and asked people to update their apps.

But the researcher who found the TP-Link security hole said TP-Link did not respond when he told them about the problem.

 

See more answers from Archer News:

What is a honeypot?

What is Shodan?

What is ICS?

What is a DDoS?

 

Main image: Roulette wheel with ball on zero. Image: PIRO4D



Leave a Reply