The Straits Times says

Heed zero-day threats of digital world

The overarching sweep of the global hacking capability developed by America's Central Intelligence Agency, as alleged by the whistle-blowing outfit known as WikiLeaks, warrants deep reflection. The truth about if and how the agency actually applied sophisticated hacking tools hasn't emerged but the so-called objectives of its programme are plausible. Among them are efforts to target common smart devices and machines by exploiting "zero-day" vulnerabilities (attacks on unknown flaws that leave zero days to craft a defensive patch).

It is well known that hackers around the world routinely probe the software of major companies to find a back door that permits covert entry. Media shows have demonstrated how "white hat" hackers (who use their skills to assess security) can access all the data on a smartphone in just 60 seconds, often with nothing more than the phone number in hand.

What the WikiLeaks claims brought into focus were the range and depth of hacking efforts. Apart from breaching the operating systems of various mobile phone producers, spies look for ways to bypass the encryption of messaging and microblogging services, like WhatsApp, Telegram and Weibo. The cameras and microphones of personal computers and phones can be remotely activated, and smart TVs can be turned into eavesdropping devices. Even the high-tech systems of certain vehicles are regarded as fair game.

Such threats ought to be taken seriously as a series of multiple attacks last year caused major disruptions to Internet services in Europe and the United States. These were reportedly caused when "household and commercial webcams and router computers were taken over" and used to wreak widespread harm, according to The New York Times.

Such events should spur the public and private sectors to redouble efforts to strengthen cyber security. Users cannot afford to be complacent too, as even major companies like Apple, Google and Microsoft might discover their Achilles' heel only after crafty attempts to penetrate their defences come to light. Daily vigilance is required rather than mere reliance on periodic security patches, as unknown vulnerabilities might remain for years before software becomes obsolete, according to a Rand Corporation study.

The WikiLeaks disclosure also put the spotlight on the risks of mass surveillance as the world becomes more digital and connected. Wired magazine reckons that 50 to 100 billion devices will be linked in the globally emerging Internet of Things by 2020. At the centre of this giant web will be humans who would be both predator and prey. Thoughtful discussions ought to take place on the controls that will be needed to curb state sponsored abuses of smart technology.

A version of this article appeared in the print edition of The Straits Times on March 17, 2017, with the headline 'Heed zero-day threats of digital world'. Print Edition | Subscribe