Zero-day Exploits

What is a Zero-Day Exploit?

A zero-day vulnerability is a security flaw that has been discovered but has not yet been patched; a zero-day exploit is an attack that takes advantage of a zero-day vulnerability. Zero-day exploits are very problematic because if one or many cyber criminals become aware of the vulnerability, it could be extremely detrimental to the parties involved.

Government Involvement

Government involvement is a notoriously complicated issue, and it continues to be complicated in this subject area as well. The job of the government is ultimately to keep its constituents safe, and I believe that having access to these exploits will help achieve that goal. However, it is important to note that this would also be an extremely risky endeavor. The amount of power behind our government mixed with the potential for exploitation of sensitive information makes for a dangerous situation. It is a high-stakes, high-reward type of situation, but there is too much to risk. Also, we only know as much about the government as they are willing to tell us, meaning we don’t know the full extent of what goes on within any government agency. This lack of transparency, in addition to general skepticism of the government, makes me feel pessimistic about the outcomes of them having access to zero-day exploits.

How Could it Go Wrong?

A more extreme example of what could result from government access to zero-day exploits is one that involves the Chinese government. They recently used an exploit in Apple devices to spy on Uyghur Muslim citizens. They used the exploit to further oppress a whole group of people and advance their own political agenda. Additionally, the government could neglect to alert the appropriate players of the vulnerability if it benefits them to leave it unpatched. As much as I would like to think our government operates on integrity, I know there would be a high probability of them utilizing exploits for their own gain. There have been recorded incidents of the American government stockpiling exploits for their own personal gain: Stuxnet, vulnerabilities in systems belonging to some of security’s most major players, and Heartbleed. Stuxnet is the most famous of those attacks, but the others were used for general monitoring and information gathering. The government using exploits to gain access to data or even conduct surveillance is a huge violation of citizens’ privacy. While they may be able to exploit these vulnerabilities undetected, not patching them leaves other unknowing citizens vulnerable to more malicious parties.

What Can You Do?

Technology and cybersecurity will always be changing, and as such we as professionals are responsible for keeping ourselves and others as safe as possible. It is important that you keep your software up to date, so that if a vulnerability arises you are protected by any patch that is implemented. It may also be beneficial to use a VPN so that your traffic is encrypted. Overall, the best thing you can do to keep yourself safe is to stay vigilant and educated on important cyber issues.

  • Allison Wright