One of Google's "big AI" projects uncovered some serious security threats seeminlgy all on its own

Trending 2 weeks ago
  1. Home
  2. Technology
  3. One of Google's "big AI" projects uncovered some serious security threats seeminlgy all on its own
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
(Image credit: Shutterstock)
  • Project Zero and DeepMind "big AI" uncovers information vulnerabilities
  • Big Sleep finds a SQLite stack buffer underflow flaw earlier charismatic release
  • AI could revolutionize package improvement by discovering captious flaws

A collaborative “big AI” task betwixt Google Project Zero and Google DeepMind has discovered a captious vulnerability successful a portion of package earlier nationalist release.

The Big Sleep AI supplier was group to activity analyzing nan SQLite unfastened root database engine, wherever it discovered a stack buffer underflow flaw which was subsequently patched nan aforesaid day.

This find perchance marks nan first ever clip an AI has uncovered a memory-safety flaw successful a wide utilized application.

Fuzzed package out-fuzzed by AI

Big Sleep recovered nan stack buffer underflow vulnerability successful SQLite which had been ‘fuzzed’ aggregate times.

Fuzzing is an automated package testing method that tin observe imaginable flaws aliases vulnerabilities specified arsenic representation information issues that are typically exploited by attackers. However, it is not a foolproof method of vulnerability hunting, and a fuzzed vulnerability that is recovered and patched could besides beryllium arsenic a version elsewhere successful nan package and spell undiscovered.

The methodology utilized by Google successful this lawsuit was to supply a antecedently patched vulnerability arsenic a starting constituent for nan Big Sleep agent, and past group it loose hunting for akin vulnerabilities elsewhere successful nan software.

While hunting for a akin vulnerability, Big Sleep encountered a vulnerability and traced nan steps it took to recreate nan vulnerability successful a trial case, gradually narrowing down nan imaginable causes to a azygous rumor and generating an meticulous summary of nan vulnerability.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Google Project Zero points retired that nan bug wasn’t antecedently spotted utilizing accepted fuzzing techniques arsenic nan fuzzing harness was not configured to entree nan aforesaid extensions. However, erstwhile fuzzing was re-run pinch nan aforesaid configurations, nan vulnerability remained undiscovered contempt 150 CPU-hours of fuzzing.

“We dream that successful nan early this effort will lead to a important advantage to defenders - pinch nan imaginable not only to find crashing testcases, but besides to supply high-quality root-cause analysis, triaging and fixing issues could beryllium overmuch cheaper and much effective successful nan future,” nan Big Sleep squad said. “We purpose to proceed sharing our investigation successful this space, keeping nan spread betwixt nan nationalist state-of-the-art and backstage state-of-the-art arsenic mini arsenic possible.”

The afloat testing methodology and vulnerability find specifications tin beryllium recovered here.

You mightiness besides like

  • These are nan best business VPNs
  • Proton VPN lands connected next-generation Windows devices
  • Take a look astatine our guideline to nan best antivirus

Benedict has been penning astir information issues for complete 7 years, first focusing connected geopolitics and world relations while astatine nan University of Buckingham. During this clip he studied BA Politics pinch Journalism, for which he received a second-class honours (upper division),  then continuing his studies astatine a postgraduate level, achieving a favoritism successful MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro arsenic a Staff Writer, Benedict transitioned his attraction towards cybersecurity, exploring state-sponsored threat actors, malware, societal engineering, and nationalist security. Benedict is besides an master connected B2B information products, including firewalls, antivirus, endpoint security, and password management.

More
Source Technology
Technology

Related Article

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price

1 week ago
Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

Professionals are facing "tech overload" as they try to juggle multiple devices in the workplace

1 week ago
The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

The Galaxy S25 Ultra's rumored iPhone-beating power could tempt me back to Android

1 week ago

Popular Article

Soundcore’s newest clip-style earbuds focus on comfort

Soundcore’s newest clip-style earbuds focus on comfort

1 month ago
Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

Better than Black Friday: shop record-low prices on Samsung TVs at Best Buy

1 month ago
The iPhone SE might serve an unexpected surprise next year

The iPhone SE might serve an unexpected surprise next year

1 month ago
AirPods Pro 2's hearing health features will arrive as a software update starting next week

AirPods Pro 2's hearing health features will arrive as a software update starting next week

1 month ago
The best budget laptops for 2024

The best budget laptops for 2024

1 month ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions ·

©2024 Latest Tech News.
All Rights Reserved.