The Flaws that Allow Hackers to Remotely Access Cars | Cyberwar

VICE News · 20 minutes read

Zero days are software vulnerabilities that can be exploited for attacks, such as the one researcher Charlie Miller discovered in Chrysler models. These vulnerabilities can be sold for high prices, and companies like Chrysler offer bug bounties for them. Government and law enforcement involvement in the market raises ethical concerns.

Insights

  • Zero days are undisclosed software vulnerabilities that can be exploited by attackers, posing serious risks to systems like vehicles, as seen with Charlie Miller's discovery in Chrysler models.
  • The zero day market involves a complex ecosystem where vulnerabilities are bought and sold, with significant sums changing hands, impacting decisions on disclosure, government use, and ethical considerations around privacy and security.

Recent questions

  • What are zero days in software?

    Unknown vulnerabilities exploited for covert attacks.

Summary

00:00

Uncovering Zero Day Vulnerabilities: A Closer Look

  • Zero days are unknown vulnerabilities in software that can be exploited for covert attacks.
  • These vulnerabilities can be found by individuals, hired experts, or malicious attackers.
  • Charlie Miller, a renowned security researcher, discovered a significant zero day in Chrysler models that allowed remote hacking.
  • The vulnerability in Chrysler models could disable brakes and control steering remotely.
  • Car companies are often unaware of such vulnerabilities and may not respond promptly to fix them.
  • Bug bounties are rewards offered by companies like Chrysler for finding and reporting software vulnerabilities.
  • Zero days can be sold for high prices to software vendors, security companies, or spy agencies.
  • Hackers at conferences like Pwn2Own compete to find and exploit zero days in software like Adobe Flash.
  • Zero days can be bought and sold in online forums, but top researchers often work with brokers for higher payouts.
  • Governments and software companies pay significant amounts for zero days to patch vulnerabilities and use them for targeted hacking.

15:30

Zero day vulnerabilities: lucrative market and risks

  • Zero days, which are unpatched software flaws, can be lucrative: the highest payment received was $15,000 for one bug bounty program.
  • The decision to report a zero day vulnerability to the software vendor or sell it to an agency is influenced by current events like terrorism and government actions.
  • The US government uses zero day exploits for various purposes, including intelligence gathering, but there are guidelines on when to disclose vulnerabilities to software vendors.
  • Privacy activists raise concerns about the government's role in the zero day market, highlighting potential misuse by law enforcement and the militarization of technology.