It’s not just you. Emergency software patches, in which users are pushed to immediately upgrade phones and computers because hackers have discovered some new way to enter, are becoming more common.
Investigators raised alarm on Monday over one of the big ones: Israeli spyware company NSO Group, which sells programs so governments can take over people’s smartphones and computers, had discovered a new way to virtually any Apple device by sending a fake GIF via iMessage. The only way to prevent this is to install the Apple emergency software update.
These emergency vulnerabilities are called “zero days,” a reference to the fact that they are such an urgent vulnerability in a program that software engineers have zero days to write a patch. Against a hacker with the right zero day, there is nothing consumers can do more than wait to have software updates or abandon their devices.
Considering the high-value cyber weapons that were mostly elite government hackers, zero-day public outreach operations are on the rise. Project Zero, a Google team dedicated to identifying and cataloging zero days, has totaled 44 this year alone, where hackers had probably discovered them before investigators. This is already a sharp increase over last year, which was 25. The number has increased every year since 2018.
Katie Moussouris, founder and CEO of Luta Security, a company that connects cybersecurity researchers and companies with vulnerabilities, said the zero-day rise is thanks to the ad hoc way software is usually programmed, which often deals with security as a consequence.
“It was absolutely inevitable,” he said. “We have never addressed the root cause of all these vulnerabilities, which is not building security from scratch.”
But almost paradoxically, the zero-day increase reflects an online world in which certain people are more vulnerable, but most are safer from hackers.
The Citizen Lab, the University of Toronto’s cybersecurity research center that discovered the vulnerability Monday, only saw it because it was examining the iPhone of a Saudi dissident. And the lab was inclined to look for him because it has found Saudi Arabia repeatedly using OSN spyware to target dissidents in the kingdom, including associates of columnist Jamal Khashoggi of the Washington Post.
But while the people targeted by the Saudi government should be on extremely high alert, most people can be safer. Because major operating programs tend to have better security stops, it means that hackers often have to acquire and use one or more zero-day exploits to gain full control of people’s smartphones, Maddie Stone said. , security researcher at Project Zero.
Most people are more concerned about important data leaks from private companies.
“A lot of people don’t have to worry [zero days] on a day-to-day basis, “Stone said in a phone call. on a much larger scale “.
Of course, users still need to upgrade their phones to have that security, especially because the news of a new zero day can inspire more hackers to do reverse engineering to access any phone that has an earlier version of their operating system.
“I think we need to care more about ourselves in public,” Stone said. Because, while fewer people can be hacked, “cases of zero-day attacks tend to have a much greater impact.”