Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Google employees discovered how to hack a corporate network just by sending an email

By

fireye exploit email network hacked dis
What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s a not a phishing scam. No one had to actually open the email. Just sending it was enough.

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.

Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day Window.

Editors' Recommendations

Google just enabled an awesome new feature in Google Docs

Google Docs in Firefox on a MacBook.

Google will help open-source tech fight cyberattacks

A man walks past the logo of the US multinational technology company Google during the VivaTech trade fair.

Websites may be logging your email and password without you knowing

A digital encrypted lock with data multilayers.

The most common Zoom problems and how to fix them

zoom privacy feature freeze active users meeting office

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

This pet hair-friendly robot vacuum is $640 off at Best Buy

A bObsweep Bob PetHair robot vacuum leans up a hardwood floor.

Apple iPhone 14: Release date, leaks, price, and more

iPhone 13 Pro in blue.

Best Xbox Live Gold deals for June 2022

xbox one s x deals ebay brandsmart spring sale review 50 1500x1000

The best gardening apps for 2022

Garden-apps-feature-image11

Best Xbox One deals and bundles for June 2022

Xbox One S bundle deals

Dell Memorial Day Sale 2022: Save on laptops, gaming PCs, and more

Dell XPS 15 OLED on a table.

Need a backup controller? Here are the best gaming controller deals

A person plays Crash Bandicoot using a PS5 DualSense controller.

Star Wars: Stories that still deserve Disney+ shows

Star Wars: The Old Republic MMORPG promo art featuring a collage of characters.