Google’s Project Zero: What is it?
Google’s Project Zero is its newest baby. The project consists of an elite team of hackers that will essentially act as an internet patrol squad that will use their skills to help clean up the internet of system vulnerabilities and bugs in the system in the hope of creating a safer and more secure internet.
It will be this team that will help in the future to point out potential vulnerabilities online, for example it was Project Zero in its early, part-time form which found Heartbleed, the huge breach that affected a whole host of sites which potentially compromised a great deal of consumer data from email addresses and passwords to credit card details. Chris Evans, who leads the initiative, says in his announcement of the Project that it was successes like these that meant the part-time team could expand to a full-time one.
The team is named for the events they are trying to prevent, Zero Day attacks. These are attacks made on systems where the creators did not know there was a previous vulnerability within them, where engineers have had zero days to patch the problem. Hopefully, with the help of Project Zero, any vulnerabilities will be able to quickly be pointed out to engineers and issues can be fixed before the vulnerabilities are noticed by the wrong kinds of people.
Evans goes on to elaborate that he believes the internet should be something we all use without fear. When we browse we shouldn’t be at risk of catching a computer virus or having spyware or malware make its way onto our hard drives. He’s determined that this will just be the beginning of teams like Project Zero will emerge to help look over the internet as a whole, not just groups that will look after their own company’s software. Project Zero will not exclusively be looking into Google issues, they will be out there to help anyone.
So that there isn’t any suspicion around the team, which no doubt when some hear the term ‘hacker’ that not all may feel safe, Project Zero will be filing all of the bugs they uncover in an external database for complete transparency as to what they are looking at. Of course, this will not be a public database, as the last thing Project Zero – or anyone for that matter – will want to have these vulnerabilities in a nice convenient list for people to exploit. Project Zero will go straight to the companies where they identify the issues, with no third party involvement.
Google also have their own reasons for wanting Project Zero. After it was found that the NSA had been spying on user information, this has since led to a mass effort on Google’s behalf to encrypt user data and help to tighten the security of their users. At the moment Google has teased a browser plugin which is in progress that aims to encrypt user emails. Google is intent on its anti-spy policies and this goes to prove how dedicated they are to it.
The team includes hacker Chris Hotz, who at only 17 years of age took apart AT&T’s lock on the iPhone in 2007 and reverse engineered the Playstation 3 to identify the issues within the systems. He even went as far as dismantling Google’s Chrome OS earlier this year, but where before he was threatened with lawsuits, Hotz was offered a $150,000 reward if he could help Google in fixing the bugs he had found. No doubt this was what earned him his place on Project Zero, where he can now continue his work in a professional environment with a wage to go with it.
How do you feel knowing that we now have Google’sĀ Project Zero looking out for us on the web?