Google announced Project Zero back in 2014 in a quest to make the internet more secure by researching software exploits and informing affected developers about them. The company soon adopted a 90-day public disclosure deadline in order to speed up the patching process. In 2020, this policy will change just a little bit. Previously, vulnerabilities were published as soon as developers fixed them, but now, Google will always wait the full 90 days until it reports to the public. That's meant to ensure that patches have rolled out to more users before potential bad actors know about the exploits, thus leaving fewer people vulnerable.
In this modern digital world, we’re often most concerned with remote hacks and scams when it comes to device security — but physical access to a device can provide a major opportunity to a targeted attacker. That's the case with a set of (thankfully fixed) vulnerabilities found by Google's Project Zero team, which require access to a device's USB port. If you're a security buff, you might remember this from the September 2018 security patch, noted briefly as an issue that could "enable a local attacker to bypass user interaction requirements to gain access to additional permissions."
A report from The Register yesterday claimed that Windows and Linux developers were scrambling to fix a "fundamental design flaw in Intel's processor chips." The flaw theoretically allows any program to view the layout or contents of protected kernel memory areas, which often contain passwords, login keys, cached files, and other sensitive data. Even a web app could potentially read kernel-protected data.
Calling all hackers and security researchers: Google wants to pay you money. Quite a lot, in fact. The top prize for finding a new critical flaw in Android in the new Project Zero Prize competition is a whopping $200,000, with the second prize at $100,000 and $50,000 split among additional entrants. The contest is being run by Project Zero, the company's own internal team of security researchers that documents critical flaws and bugs in wide-reaching software.
We all know that Samsung is working on what will eventually be known as the Galaxy S6. This isn't news. If anything, it ranks right under a new iPhone coming out as something your average passerby expects to happen in 2015.
What's interesting is figuring out what that new device is going to look like. SamMobile has provided a set of expected specs that, while we can't verify them ourselves, we're inclined to trust. SamMobile has a good track record, and it stands to reason that it has reliable sources. Plus the site has listed numerous model numbers that look, without knowing for certain, believable to our eyes.
Let's face it, as the world becomes more dependent on computers and the Internet for the functions of day-to-day life, security will become ever more important. Clearly encouraged by employee Neel Mehta's discovery of Heartbleed, Google has decided to do more in the area of Internet security. To help combat this ever-increasing problem, they're offering up Project Zero. Essentially, Google will begin hiring "the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Their work will not be limited to just Google products, but will instead be focused on "any software depended upon by large numbers of people."