What is a zero-day?
- May 23, 2019
- Posted by: Kerry Tomlinson, Archer News
- Category: Archer News, Ask Archer, Cyber Crime, Cyberattack, Hacking, Industrial Control System Security, Mobile Devices, Posts with image, Smart Devices, Vulnerabilities
We answer your security question, “What is a zero-day?”
Here’s a hint: ‘zero’ is how much notice you get that this attack is coming.
Doug locks his house to keep burglars out.
He knows they can jimmy his front door or break a window, so he installed a security alarm and cameras.
But he doesn’t know that there’s a hidden door in his basement, behind an old dresser.
And that’s how the burglar gets in.
That is like a zero-day in the digital world, a surprise security hole that people now have to patch — often, when it’s too late.
Many Secret Doors
Unlike Doug’s basement, your digital house is a catacomb of unexplored doors and tunnels.
And cyber crooks are busy unlocking and infiltrating.
Luckily, researchers are, too, trying to find the zero-days before the bad guys do.
Last week, reports said attackers used a zero-day flaw in the messaging service WhatsApp to spy on people.
The attackers discovered that all they had to do was make a call and they could put spyware on your phone.
The bad guys could use the flaw to take over your smart home from the inside out, according to the researcher’s report.
On a larger scale, attackers used a zero-day flaw to get into the safety system at an industrial plant in the Middle East in 2017, giving them the opportunity to cause damage at the plant.
A number of companies fix the flaws right away when they learn about zero days in their products, but some do not, leaving you vulnerable.
What can you do?
Keep up good security habits so they’re less likely to affect you.
If you make your passwords strong and use two-factor authentication, you’re less likely to get hurt.
Use a password manager to keep track of those long, strong passwords.
And before you buy a smart device, do research to see how the maker responds to zero-days.
Do they patch them up, or do they leave you hanging?
For example, WhatsApp said it fixed the spy vulnerability and asked people to update their apps.
But the researcher who found the TP-Link security hole said TP-Link did not respond when he told them about the problem.
See more answers from Archer News:
Main image: Roulette wheel with ball on zero. Image: PIRO4D