Project Zero: When 17-year-old George Hotz became the first hacker in the world to break AT & T's iPhone lock in 2007, companies ignored him and tried to fix the bugs he had discovered. When he later broke the Playstation 3, Sony sued him and only accepted a settlement when Hotz agreed never to break another Sony product.
Then Hotz dismantled the defenses of Google's operating system Chrome. His company paid him $150.000 as a fee. Two months later, Chris Evans, a Google security engineer, sent him an e-mail: Would Mr. Hotz like to join a full-time elite hacker team hunting for vulnerabilities? points on every popular product of the company?
So Google is publicly revealing the team (via Wired), known as Project Zero, a team of top security researchers whose sole mission is to identify and fix the most insidious security vulnerabilities. These secret hackable bugs, known in the security industry as "zero-day", are exploited by criminals, or state-sponsored hackers and intelligence services. By outsourcing this project to researchers, Google hopes to build a strong security infrastructure in its products.
Chris Evans
Google's security researcher Chris Evans is in charge of hiring top talent to run Project Zero.
"People deserve to be able to use the internet without fear that a vulnerability could destroy their privacy," says Evans. He is a British security researchertreatmentand led the former Chrome security team before taking the helm of Project Zero.
Project Zero has already hired a team of high-profile hackers who worked for Google: New Zealander Ben Hawkes discovered dozens of bugs in software such as Adobe Flash and Microsoft Office in 2013 alone. Tavis Ormandy, a British researcher with a reputation as one of the most productive bug hunters in the industry, he also belongs to the dream team. American hacker George Hotz, who hacked Google's Chrome OS and won the Pwnium hacking contest last March, will also be the team's intern. Swiss Brit Ian Beer has been on Google's secret security team for the past few months, after discovering six bugs he finds on Apple's iOS, OSX and Safari.
Evans says the team is not complete even hiring continues. Its aim is to have more than ten full time researchers in its management shortly. Most will work at a desk in Mountain View, using hunting bugs, but also with the hacker's pure intuition.
Evans insists that Project Zero is "mostly altruistic." But he himself has an enticing level of freedom to work on difficult security problems with minimal constraints. It can also use recruiting to bring top talent within Google, where they can later move on to other teams. And as is the case with all other Google projects, the company claims that this benefit will be collected by the end user of the internet. After all, secure and happy end users do more click in Google ads.
