The Evolution of Security
Hey everyone! Today I want to talk about security again. More specifically, though, we're going to be talking about how security is always evolving. Computers are still a very new technology, which means that new exploits are being found all the time.
There are actually a lot of creative methods that people have successfully used to hack computers. For instance, earlier this week Mike and I were discussing a story from several years ago, where a hacker was able to use public photos to recreate a fingerprint with sufficient detail to fool a scanner. There was also a method discovered in 2016 to steal data from hard drives just by recording the sound that they made. A lot of these hacks are developed by researchers, not by people trying to steal data. They're impractical in the real world, but can be used to inform future development of security technology.
Sometimes, though, hacks are discovered that have the potential to be devastating. One of the most notable recent examples was an exploit called Heartbleed. Discovered in 2014, this exploit effectively broke OpenSSL, the largest encryption library in the world. This means that anyone using OpenSSL encryption (which is the majority of the industry) was vulnerable to having their data stolen. More recently, in 2018, another exploit called Meltdown was discovered. This affected any computer running processors on the x86 architecture, used by almost all laptop and desktop computers today. It allows a process, such as malware, to read any data that is passing through the computer's memory - regardless of whether it has permission or not - and can't be detected when carried out. It has also since been patched, but both of these were huge wake-up calls to the industry and reminded us that no technology is 100% secure.
Finally, let's address one more example - what if the security isn't broken, but just beaten at its own game? A great example of this is captchas. 10 or 15 years ago, having a secure captcha meant just uploading an image of some distorted text and having the user enter the solution. However, as image processing algorithms improved, machines became able to solve these as well, effectively rendering the captcha useless. Google's reCAPTCHA system is the most widely used today, and some versions still rely on image recognition (though more complicated than the previous distorted text example), but newer versions will actually analyze your behavior when browsing a website in order to determine whether you're a human or not.