Incomplete fixes for security flaws make hackers' job easy, Google says

Research from Google shows that hackers can quickly find security flaws in previously patched bugs. Maddie Stone, a security researcher at Google, said that bugs are often only partially fixed, allowing previously undetected flaws, known as zero-day vulnerabilities, to be exploited repeatedly, reports MIT Technology Review.

Ms. Stone is part of a security team known as Project Zero, which has tracked more than 150 zero-day bugs over the past six years. According to Ms. Stone, security teams often fix software vulnerabilities incompletely, and hackers can get back in by changing a few lines of code or adding a few tweaks.

Ms. Stone said security teams at software firms are often working with limited resources and time, which may contribute to zero-day vulnerabilities. Security teams, she said, are often focused on fixing a specific flaw instead of the root cause of the flaw in its entirety.

"We're not requiring attackers to come up with all new bug classes, develop brand new exploitation, look at code that has never been researched before," Ms. Stone said during a Feb. 16 security conference, according to MIT Technology Review. "We're allowing the reuse of lots of different vulnerabilities that we previously knew about."

© Copyright ASC COMMUNICATIONS 2021.