Inside The Foggy, Shady Market For Zero-Day Bugs
The new episode of CYBERWAR explores the sometimes foggy and shady market of “zero days,” unknown software vulnerabilities that can be used to hack you.
Earlier this year, the FBI abruptly ended a months-long acronymous legal battle with Apple to unlock the iPhone of a dead terror suspect. The bureau hasn't told anyone that much about how it finally got into the phone, but experts assume someone gave the feds a way in thanks to an unknown vulnerability, or "zero-day."
The term zero-day can be used for two slightly different things. There are zero-day bugs, which are flaws in a software that even its developer doesn't know about, and zero-day exploits, which are hacking techniques designed to take advantage of the aforementioned bugs.
Both are highly valuable commodities in the world of cybersecurity. Security consultants use them to test companies' defenses and help them improve their protections, vendors themselves reward friendly hackers who find and report them, and middlemen buy them for hundreds of thousands—sometimes even one million dollars—to then sell them to law enforcement and spy agencies such as the NSA use them to hack into valuable targets.
In the last few years, the market for zero-days has been a highly controversial topic in the hacking world. For some, unknown flaws should always be reported so that they can get fixed and everyone is safer. For others, it's OK if the good guys use the flaws in secret to go after the bad guys. Seemingly nobody agrees on what should be done with zero-days, in part, perhaps, because the gray market for them is so secretive.
For the debut episode of the new season of VICELAND's series CYBERWAR, VICE Canada reporter Ben Makuch tried to pierce this veil of secrecy.
The episode, "The zero-day Market," aired on October 25, but if you are in the US or Canada, you can watch it online here. Tune in to the rest of CYBERWAR's episodes every Tuesday at 10:30P ET/PT on VICELAND.
And if you want to dig even deeper into the intriguing world of bug hunting, read some of Motherboard's best articles about zero-days:
- Government Hackers Caught Using Unprecedented iPhone Spy Tool
- NSA's Hacker-in-Chief: We Don't Need Zero-Days To Get Inside Your Network
- What We Know About the Exploits Dumped in NSA-Linked Hack
- How Hackers Are Making the Internet and the World a Safer Place
- The FBI May Be Sitting on a Firefox Vulnerability
Get six of our favorite Motherboard stories every day by signing up for our newsletter.