The Zero-Day Threat


In the world of computing, a “zero-day” attack is a software problem that puts people in immediate danger. It gets its name because the software developers who are combating the problem have zero days before the problem is imminent—as in, it’s happening right now, and every second that passes could bring another wave of destruction.

Usually, zero-day attacks happen when software developers find a bug in a popular program. For example, let’s say one day Apple discovers that a flaw in the iPhone operating system lets hackers steal users’ personal information. The flaw has been in the system since the last software update, so hackers have had weeks to exploit it without anyone even knowing the problem existed. Millions of people might have already had their personal data stolen, and thousands more could be losing their data every hour. This is a zero-day scenario: The threat is already happening, there is no time cushion before the damage starts to unfurl, and software developers need to scramble to make a patch before anyone else gets hurt.

This scenario might seem unlikely to casual consumers, but any programmer will tell you that it has actually happened multiple times. Just recently in 2014, programmers discovered the Heartbleed bug, a security flaw that let hackers steal passwords and other personal data from all over the Internet. The next year, programmers discovered the Stagefright bug, a security glitch in Android phones that allows hackers to take control of certain phone operations remotely. This Stagefright bug, shockingly, is still not fixed, despite the overwhelming risk to user safety. And Apple has not escaped damage, either: Late in 2015 programmers also discovered corrupted code in various apps that let hackers put malware in thousands of iPhones.

Of course, the threat of a zero-day attack isn’t just about how hackers can exploit flaws. The even bigger threat is viruses. A zero-day virus is a virus that has no known anti-virus: Like a zero-day bug, the virus gets its name because programmers have zero time to lose as damage starts piling up. Notable past zero-day viruses include Code Red, Leap-A (the first virus targeted at Apple computers), Conficker, and the dreaded Storm Worm. All of these viruses essentially have the same goal: They allow hackers to take over your computer remotely, steal personal information, and/or make your computers do things that you don’t want them to do.

For example, the Storm Worm downloads malware onto your computer that steals files from your hard drive, and then it lets hackers assume control of your computer at will. A hacker could use your computer to commit crimes, or add your computer to a huge network of hijacked computers in order to orchestrate a huge hack against another target. This exact scenario happened with the Code Red virus in 2001, which used a series of hijacked computers (called “zombies” or “bots”) to besiege the White House’s computer servers.

So, what can software developers do to prevent a zero-day attack?

Well, strictly speaking, nothing.

A zero-day attack is, by definition, something that no one anticipated. The best thing that developers can do is just try to make their software as secure as possible, and make anti-virus software that’s as effective as possible. Of course, even that can’t be enough: Hackers are always making new viruses, and even if anti-virus programs have a good database of known threats, they won’t always be able to spot new ones because the new ones could be coded very differently. So, as much as we’d all love a magic firewall that was guaranteed to protect us from every virus, the truth is that when something goes terribly wrong, we just have to hope the “good guy” developers will be able to race to a solution before too many people suffer.
