Google has hired a prolific hacker by the name of George Hotz to join the Project Zero team. Hotz is well-known for hacking Sony's PlayStation 3 and Apple's iPhone.
The 24-year-old — also known as geohot — hacked into the PlayStation 3 in order to install alternate operating system software, with the intention of playing pirated games. Hotz was subsequently sued by Sony, although the matter was settled outside the courtroom. The hacker is also known for unlocking Apple's iPhone. Now, after a brief stint at Facebook several years ago, Hotz has found a home with Google, according to the BBC.
Google's Project Zero aims to reduce the threat that zero-day attacks represent by funding vulnerability research and hiring top security specialists and hackers. The hire of Hotz, therefore, is hardly a surprise — as these types of projects need people that can think like cyberattackers, as well as be talented in their own right, in order to thwart them.
Chris Evans, "Researcher Herder" at Google.is currently hiring, although it does not say how people are recruited. Members of the team will seek out vulnerabilities in systems where "large numbers of people" are dependent on services, and in addition, will research "mitigations, exploitation, program analysis — and anything else that our researchers decide is a worthwhile investment," according to
Google will publish a public database of vulnerabilities found, as well as how long it takes companies to react to bug reports and fix the problem.
This is far from the tech giant's first foray into security, as the firm already has a bug bounty program for its own products, and Google staff are known for reporting vulnerabilities to other firms, including Microsoft and Apple.
Dr. Mike Lloyd, CTO at RedSeal Networks, told ZDNet:
"Google's move to set up Project Zero is very welcome. The infrastructure we run our businesses and our lives on is showing its fragile nature as each new, successful attack is disclosed. Unfortunately, we all share significant risks, not least because IT tends towards ‘monoculture,’ with only a few major pieces of hardware and software being used most of the time.
"Organizations use the common equipment because it's cheaper, because it's better understood by staff, and because we all tend to do what we see our neighbors doing. These upsides come at a cost, though — it means attackers can find a single defect, and it can open thousands or even millions of doors, as we recently saw with Heartbleed."