“The fact that the FBI’s immediate need got satisfied, through that one vulnerability, cooled it off. So the public maybe should thank Azimuth for the fact that there aren’t backdoors in their iPhones.”
Bug bounties and mock attacks
The race to find vulnerabilities in software and devices is a global pursuit. Companies like Apple conduct rigorous testing of their products to uncover security gaps, or hire firms to conduct mock attacks. Governments and large organisations also test products to identify vulnerabilities and make the entire web ecosystem more secure.
Google, for example, runs a team of analysts called Project Zero for just this purpose, and operates a huge farm of virtual machines running all kinds of \software that’s automatically bombarded with attacks around the clock, with details of crashes and incursions recorded for further analysis.
Private security experts also participate, for altruistic or research purposes or to make money. More ethical outfits might be able to win competitions or claim “bug bounties” from companies for finding new exploits. The less ethical ones might use it directly for criminal purposes, or sell it to people who will.
And existing at various points in between are exploit brokers. Creating, buying and selling exploits, in some cases for extremely particular purposes, many brokers work only with legitimate businesses and democratic governments, while others sell to the highest bidder.
Loading
The ethical lines, even for the genius hackers working for law enforcement agencies, can often get fuzzy.
However Mr Rogers, vice president of strategy at cybersecurity company Okta, said the type of work done by outfits like Azimuth remains important and plays a vital role in making the internet safer.
“We don’t want to outlaw the kind of tools that are needed to do this research, because criminals aren’t going to listen to that.
You need to be able to prove that something is exploitable, in a lot of cases, and you also need to be able to test that defences are adequate to protect against these things,” Mr Rogers said.
Technology newsletter
The top technology stories, gadget releases and gaming reviews delivered every Friday. Sign up here.