Knowledge is power, if you know how to use it: the value of the zero-day
When Nicole Perlroth received the call to start working at the New York Times in 2010, she was busy writing articles about the investors who had financed Facebook, Instagram or Uber since the early days and who were well aware that they were onto a winner. The Times, however, wanted her for another type of content: they wanted her to report on cyber security, and even though the author knew next to nothing about the subject, she was the one they had chosen. She had yet to learn the lingo of the world of digital security and hackers, though it would soon become familiar, and the most important word in her new vocabulary was "zero-day", a broad term that describes security vulnerabilities in a company’s hardware or software which enable hackers to attack its systems: yes, it is a flaw, but it also acts as an invisibility cloak for those who sneak in through the back door. "Zero-days" are the most important tool in a hacker's arsenal: a "zero-day" in Apple cell phone software would allow spies and hackers with the right skills to enter any iPhone without being detected. A series of seven zero-days in Microsoft Windows and Siemens industrial software enabled American and Israeli spies to sabotage Iran's nuclear program.
Finding a "zero-day" is a bit like entering God mode in a video game: it is the most direct application of the cliché "knowledge is power, if you know how to use it". Exploiting a "zero-day" can allow hackers to spy on iPhone users around the world, dismantle the security checks of a chemical plant, or make a spaceship come crashing down to Earth.