Incomplete fixes for security flaws make hackers' job easy, Google says

Listen

Research from Google shows that hackers can quickly find security flaws in previously patched bugs. Maddie Stone, a security researcher at Google, said that bugs are often only partially fixed allowing for previously undetected flaws, known as zero-day vulnerabilities, to be exploited repeatedly, reports MIT Technology Review. 

Ms. Stone is part of a security team known as Project Zero, which has tracked more than 150 zero-day bugs over the past six years. According to Ms. Stone, security teams often fix software vulnerabilities incompletely, and hackers can get back in by changing a few lines of code or adding a few tweaks.

Ms. Stone said security teams at software firms are often working with limited resources and time, which may contribute to zero-day vulnerabilities. Security teams, she said, are often focused on fixing a specific flaw instead of the root cause of the flaw in its entirety.                                                                                                                                    
"We're not requiring attackers to come up with all new bug classes, develop brand new exploitation, look at code that has never been researched before," Ms. Stone said during a Feb. 16 security conference, according to MIT Technology Review. "We're allowing the reuse of lots of different vulnerabilities that we previously knew about."

 

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars