Google Reveals 'Project Zero' Cybersecurity Dream Team

An elite team of security specialists will work to keep the Internet free from exploits, like a pack of nerdy superheroes.

An elite team of hackers and cybersecurity researchers all under one roof, protecting denizens of the internet from viruses — yep, sounds like the plot of a B movie, but it's actually a new division at the tech giant Google.

It's called Project Zero. And Google says the group will aim to protect users from what are known as "zero day vulnerabilities," hence the name.

Chris Evans, a Google security engineer, wrote on the company's blog that people "should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect [their] computer, steal secrets or monitor [their] communications."

The team thus far consists of a star-studded international roster — at least in the cybersecurity world. 

First up is George Hotz, or geohot, an American hacking prodigy who made headlines for cracking AT&T's lock on the iPhone and Sony's PlayStation 3 — which they weren't exactly happy about. (Via YouTube / geohot)

"Yo, it's geohot. And for those that don't know, I'm getting sued by Sony." (Via YouTube / geohot)

New Zealander Ben Hawkes was already part of the Google Security Team and has found exploits in both Adobe Flash and Microsoft Office apps. (Via YouTube / Ruxcon Mc'Gavin)

Tavis Ormandy, from England, has been working for Google as a cybersecurity researcher and found flaws in antivirus software that actually put users at more risk. (Via YouTube / defconswitzerland)

And the fourth member, Ian Beer, was linked to Project Zero earlier this year when his name showed up on an Apple security update thanking "Ian Beer of Google Project Zero" for finding a handful of exploits. 

But what exactly are these "zero day" vulnerabilities that these internet superheroes and Google want to protect us from? 

PC Tools defines a zero day vulnerability as a "hole in software that is unknown to the vendor" and is then "exploited by hackers before the vendor becomes aware and hurries to fix it."

One of the most recent examples of a zero day vulnerability would be the Heartbleed exploit, which was a bug that existed in the OpenSSL encryption software since it was released, or since day zero, and was found by a hacker before it was found by the developers.

In an interview with Wired, Hawkes says that the team's goal is to kill bugs faster than they're created in new code. To do this, they'll use "bug collisions" where killing one part of an exploit destroys the whole bug.

"We’re optimistic we can fix the bugs faster than they’re being introduced. ... If you funnel your research into these limited areas, you increase the chances of bug collisions."

Business Insider says Project Zero isn't just going to be looking for bugs in Google products either. "The team will be free to roam the entire web to find vulnerabilities in any product."

And if you're interested in fighting the good fight on the internet with Google, Evans says they are hiring — if you have the chops.