Data Backup Digest

Officially founded in 2014, Project Zero is an international team of security analysts and researchers who are employed by Google as a means of finding vulnerabilities in new technology. However, the group's roots are traceable all the way back to 2010, when internal Google employers found that they were regularly uncovering serious vulnerabilities in the IT systems that were commonly available at the time.

The team with Project Zero summarized their mission via a blog post, which read: "We perform vulnerability research on popular software like mobile operating systems, web browsers, and open source libraries. We use the results from this research to patch serious security vulnerabilities, to improve our understanding of how exploit-based attacks work, and to drive long-term structural improvements to security."

A History of Uncovering Exploits and Vulnerabilities

Project Zero has extensive experience when it comes to uncovering, identifying and exposing security vulnerabilities in modern technology. Although they've only been officially on the hunt for bugs since 2014, they've already played a part in the identification – and subsequent patching – of more than 2,000 issues.

Moreover, these issues exist in some of the most popular and widely used software today. As an example, the group has been actively exploiting and diagnosing no less than seven different bugs in various Windows operating systems.

In 2018, 22-year-old Jann Horn, a member of Project Zero, uncovered one of the worst chip flaws in history. This particular flaw had the potential to affect billions of devices, including baby monitors and smart home hubs to iPads and even the macOS itself.

Although Horn wasn't the only member of Project Zero to identify the flaw, his work is impressive due to the fact the he performed all of the research without the help of his teammates. Moreover, his findings made some of the industry's biggest names – including Apple – take a second look at their technology.

But Project Zero doesn't just release this information for public consumption. Not only would that pave the way for outside hackers, but it could result in serious repercussions for their group and, by extension, Google. Instead, the team with Project Zero abides by a 90-day disclosure deadline. Under this structure, they give the company 90 days to correct the issue before releasing their findings to the public.

In the case of the 2018 flaw, both Intel and Apple moved quickly to release their own software updates for affected systems. Regardless of their quick response, both companies – amongst others – were the target of several lawsuits in the wake of the incident.

More recently, the team with Project Zero has been exploring potential exploits and security vulnerabilities within iOS 14 and, specifically, the iMessage app. Thankfully, it appears that the development team with Apple has made numerous improvements to their security that have prevented, at least, some of the older vulnerabilities that were seen in previous iterations of iOS.

For more information about Google's Project Zero, including recent news and updates from the team, please visit their official website and blog at googleprojectzero.blogspot.com.