Google leads as 2017 draws to a close.

Mon, 10/23/2017 - 23:05

By James Azar

Cyberhub Summit

As 2017 is drawing to a close, big companies are ramping up their cybersecurity measures for 2018. Reputation management is everything and the more security measures that a company possesses, the better chance it stands for a fruitful 2018.

While Apple has the clear advantage in mobile with the newest iPhones, Google is trying to take the lead with several new innovations, set to make internet browsing even safer.

Google just launched a major upgrade to its 'Safe Browsing' technology that predicts whether a site will try to steal your password.

Predictive phishing technology is effective because it breaks down the Google history to check when a site was created and whether it has been used for phishing purposes. The feature will only protect the Google Chrome password but will eventually be able to protect any saved password. This is a really good precautionary tool, if it does what's written on the box.

Another new Google feature being released will be the Advanced Protection Program, intended for users wanting more security features than the average Mom and Pop store. It will provide each Gmail account that enrolls in the program with a physical security key for sign in, just like an office key card you might have at work for entry and exit.

The good news is that your phone will be that much more secure. The bad news: you will have to take a little USB device out of your pocket to sign in to your Gmail account every single time, and it may take a few days to reset the security measures if you forget or lose your password.

Practically, if you are being stalked by an international cybercriminal ring, then it’s totally worth it; for run-of-the-mill users, this could just create usage problems.

The reason they came up with this feature is the fake Docs phishing attack back in May. But what about future attacks? How would Google prevent those? Well, Google, quite unsurprisingly, is one step ahead there too, with the Bug Bounty Program.

Google launched the Bug Bounty Program (dubbed the Google Play Security Award), which works with researchers to find vulnerabilities in Android apps for a $1000 prize. Any white hat hacker can participate by submitting a vulnerability to the app developer. As soon as the issue has been resolved, they can submit their report to the Rewards Program and receive the prize money.

Google is partnering with the 'bug bounty' company HackerOne, to which all the bugs will be submitted. HackerOne is one of the largest networks of ethical hackers in the world. They have participated in 910 programs, fixed over 56,000 bugs, and made $21 million. It’s the best place to get third parties to evaluate any app’s or site’s security.

HackerOne commented that "For now, the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof-of-concepts) that work on Android 4.4 devices and higher."

The choice a potential hacker will have to make is between making money by stealing people’s money and identities and making it by fixing app issues. Who knows, many may move away from the Dark side, just because of the risk factor.

It’s unfortunate that even after all of these efforts there will obviously still be undiscovered malware that will probably slip by the various Google security features unnoticed.

However, in comparison, Google is definitely ahead of Apple on this one. Apple’s bug rewards program started on a high note - invitation only, meetings behind closed doors, and private dinners for select security researchers. However, the program is currently faltering due to a low payout. Experts are saying that security researchers can make more money by submitting the Apple bugs they found to third parties, rather than submitting them directly to Apple.

Samsung is not far behind. They just launched their own bug rewards program that starts at $200 per bug and requires the researcher’s proof of concept. These programs not only provide the companies with a way to upgrade their security and get some more eyes on their code, but also a legal and harmless way for hackers to make money and pay rent (without phishing, scamming, or stealing).

What are your thoughts on Google's advancements in cyber security? Let us know in the comments below.