Wikileaks' Vault 7: What Are 'Zero Day' Vulnerabilities?

A lot of terms on cyberhacking are thrown around these days, especially after the Wikileaks report regarding software tools the CIA used to break into smartphones, computers and TVs.

"Vault 7" Leaks

The new series of leaks was codenamed "Vault 7" and the first full part of the series released on Tuesday was called "Year Zero." The disclosure made a mention of something called "zero day" weaponized exploits that were used to hack into products of U.S. and European companies, including Apple Inc. AAPL, Alphabet Inc GOOGLMSFT and Samsung.

What "Zero Day" Vulnerabilities Mean?

A "zero day" vulnerability is a hole in a software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it and attempts to fix it. This is termed as "zero day" attack, with the phrase "zero day" referring to the unknown nature of the hole to people other than the hackers.

The hacker exploits the vulnerability by attacking with infiltrating malware, spyware or allowing unwanted access to user information.

Cybersecurity firm FireEye Inc FEYE outlines on its website a timeline for vulnerability:

  • A company develops a software, which although possesses a vulnerability unknown to them.
  • The hacker spots the vulnerability before the developer does or acts on it before the developer has a chance to fix it.
  • The hacker writes and implements exploit code while the vulnerability is still open.
  • Once the exploit is released, the public identifies it as an identity or information theft or the developer catches it and creates a patch to fix it.

Thus, CIA's "zero day" exploits are the result of a lengthy ordeal of poring over several thousands of lines of codes, probing of software and applications with an array of reverse engineering tools and techniques to reveal some crack.

See Also:

WikiLeaks: The CIA 'Weaponized' Apple, Samsung And Microsoft Products For Surveillance Purposes

Source Confirms Part Of WikiLeaks Report; Here's What You Should Know

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!