Some people are angry at the U.S. government for secretly stockpiling exploits for security flaws so that it can use them to spy on people. The latest outcry came late last week after the revelation that spies — in this case, believed to work for the United Arab Emirates — tried to hack an activist’s iPhone using three separate flaws not revealed to Apple by the government.
Like it or not, you should assume instead that governments will exploit the flaws they find either until someone else finds the vulnerability — a vendor, researcher, or ethical hacker — or until it’s in the government’s interest to disclose it, such as when it knows a competing power has found it as well. Even the United States, where the official policy is to quickly release details of discovered exploits to affected vendors, has acknowledged it doesn’t release exploits it thinks it can use.
This reality imposes a high price on everyone because it means we have to spend the effort to find the vulnerabilities on our own, knowing that they could be used against us until we do. Vendors and researchers need to redouble their efforts as a result.
Read More: Info World