What is a Zero day exploit?
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit application vulnerabilities that are unknown to others or the software developer
A life cycle of the Zero-day exploit
- The developer creates software containing an unknown vulnerability
- The attacker finds the vulnerability before the developer does
- The attacker writes and distributes an exploit while the vulnerability is not known to the developer
- The developer becomes aware of the vulnerability and starts developing a fix.
The problem starts when the developer does not receive information about the exploit, while the applications are exploited. Longer the exploit remains in the hands of a few the more “valuable” and dangerous it becomes.
Economics of the Zero day exploits
A security whole can be around for a long time, unless it is known and fixed or the code causes the whole becomes obsolete. Our old understanding of using software product supported by an active community or a big organization makes you reasonably secured as long as you update the security patch as soon as they comes out. Providing our understanding that zero day exploits are publicly available and do not stay Zero-days for long.
Who wants it?
The vendor whose product is exploited and whats to fix it before Trojans starts building on them.
Security companies updating their signatures databases for new exploits
Hacker groups up for grab or with their own agenda. Unless of course they didn’t find the agenda and they are free to share or not share with anyone else they chose to
And finally the obvious suspects the spy agencies around the world with their own agenda
Who gets it?
I would like to think they comes to the vendors then the security companies and to no one else, but looks like
It is probably nothing new that there always been an interested group of people who would like to get their hands on them for “Legitimate use” to exploit the effected. The more use of the software makes it. As the economics of anything the one who pays the most gets it and may keep using it exclusively for a long time.
News like “US Intelligence Agency Pays $250,000 For iPhone Security Hole” confirms our suspicion.
The price varies from 50$ to quarter a million and probably could be a bigger cash cow for the exploit finder is stays active or stays “Zero-Day” and not fixed.
What do they use it for?
While the finder of the exploit makes a business model out of it, the spy agencies can use them in various scenarios. Can be used against other countries, own people.
Hacker group with agendas can use it to bring down government or private servers they don’t like, or just cash in by stealing personal and financial information of public
Any of these are not good news for the users of “Technology”
How they deploy it?
These exploit could be executed through regular any regular Trojan or network exploit tools targeting or rolling them out in general depending in the purpose. Trojans like Stuxnet-esque Duqu floating around and evolving with new payloads re-enforces the predictions there are more organized hand are behind them. They are so sophisticated and organized that they have their own programming language, makes ever difficult to understand, trace and fight against.
How to protect yourself?
Whether or not the data I old can be useful or “anyone”, I would not like to constantly evaluate my value and take measures to protect myself from being a target. The more organized Zero day exploit market becomes less secured it makes me feel. One cannot always hide themselves behind advanced intrusion detection/prevention firewalls, or stay offline. Maybe having the leverage of being anonymous online could be the only secured option for individuals. More importantly this having a zero day exploit on some platform or application like iOS or chorome can give a country, organization or people enormous amount of power on monitoring, predicting and even controlling and outcome of a social behaviour, which could be scary. Must be a way to control on who can trade these exploits and what they can use it for.
Some of the references:
tag: Zero day exploit, security exploits, data theft, Duqu Trojan, security updates