FBI Admits Abuse of Zero-Day Vulnerabilities in Investigations
The FBI has acknowledged for the first time that it uses zero-day vulnerabilities to track people online. According to a senior official at the US agency, it is not a preferred method, because it does not keep working for long.
A hacking tool based on a zero-day vulnerability stops working as soon as the software maker releases a patch and the user the FBI wants to monitor installs it, CEO Amy Hess said in an interview with the American newspaper The Washington Post. According to her, this makes it less reliable than a traditional wiretap.
In addition, the US agency struggles with the ethics of using zero-day vulnerabilities. The balance between being able to track suspects and reporting vulnerabilities to software makers so they can make their products more secure is important, Hess says. “How do we balance that? That’s a constant challenge for us.”
It has been known for some time that government agencies are very interested in zero-day vulnerabilities: flaws in software that are not yet known to the maker of that software. Government agencies offer hackers a lot of money for sharing details about them, because they offer a rare opportunity to penetrate well-secured and patched systems. The FBI is the federal law enforcement agency of the United States, but it is not an intelligence agency like the NSA.