Project Zero: Google’s Secret Team of World-Class Hackers, Hunting Zero-Day Vulnerabilities

by Istvan Fekete on July 16, 2014

George Hotz’s name first became known after he cracked AT&T’s lock on the iPhone back in 2007. He was 17 at the time and the carrier officially ignored him, while surreptitiously ensuring the weaknesses he exposed were rectified. He subsequently reverse engineered the PlayStation 3, which earned him a lawsuit from Sony. The parties only settled after Hotz agreed never to hack a Sony product again.

There’s more: Hotz uncovered flaws in Google’s Chrome browser, earning him a $150,000 reward. Two months later Google’s security engineer Chris Evans emailed him with an offer: would you like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet?

The team worked in secret until yesterday, when Google publicly announced the team and its mission: tracking down and neutralizing the most insidious security flaws in the world’s software. The hackable bugs are called “zero-day” vulnerabilities, and are exploited by criminals, state-sponsored hackers and intelligence agencies.

The secretive team works under the name of “Project Zero”, and the hackers’ remit isn’t limited to exposing bugs in Google’s products: it also covers scrutinizing any software whose zero-days can be unearthed and demonstrated. The reason: to pressure other companies to better protect Google users, the search giant says.

“People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” says Evans, a British-born researcher who formerly led Google’s Chrome security team and will now helm Project Zero. (His business cards read “Troublemaker.”) “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.”

Project Zero already has the cream of hackers: New Zealander Ben Hawkes, English researcher Tavis Ormandy, George Hotz (as mentioned) and Switzerland-based Brit Ian Beer, and it’s still hiring.

Privacy-focused technologist Chris Soghoian believes Project Zero is Google’s logical response to the vexing problem of governmental invasion of privacy. He highlights a famous blog post penned by a Google security engineer, and it seems like his anger is shared by the whole security team at Google.
