Skip to main content

Google employees discovered how to hack a corporate network just by sending an email

What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s a not a phishing scam. No one had to actually open the email. Just sending it was enough.

Recommended Videos

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.

Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day Window.

Justin Pot
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
Don’t miss this chance to buy a MacBook Air at $200 off
The MacBook Air on a table in front of a window.

For those who have always wanted to get one of Apple's MacBooks but can't stomach the price tag, here's your chance to buy one for a relatively affordable price. Best Buy has slashed the price of the 13-inch Apple MacBook Air M3 to only $699, for savings of $200 on its sticker price of $899. You need to act fast though, as there's always high demand for MacBook deals. The stocks that are up for sale may already be gone as soon as tomorrow.

Why you should buy the 13-inch Apple MacBook Air M3

Read more
This HP Chromebook is under half-price today — just $190
The HP Chromebook 14 laptop on a white background.

You should turn your attention towards Chromebook deals if you want to buy a new laptop on a tight budget, and we've found an offer that you won't want to miss. From its original price of $410, the HP Chromebook 14 is down to just $190 for savings of $220 from Walmart. You won't always have the chance to get this device for less than half-price though -- in fact, the opportunity may be gone as soon as tomorrow. If you want to take advantage of the discount, you need to buy the Chromebook right now.

Why you should buy the HP Chromebook 14

Read more
Avast’s most complete antivirus plan is 70% off right now
Couple making selfie inside car with open window.

Avast has been popping off with incredible deals this month. The antivirus company recently offered 70% off its Premium tier of virus protection. For the next 30 days, Avast is extending that offer to its Ultimate tier of protection. That means you can protect one device with Avast Ultimate for $33 for a year, down from its usual $110. If you want to cover 10 devices, you'll only pay $42 instead of $140.

Let's dive into what Avast Ultimate offers and why you might want it over the free tier or the Premium plan. This deal is live now, and will stick around for the next four weeks.

Read more