Part of:

Is Security Research Actually Helping Hackers?


Academic research and publications can help hackers, leading to an ongoing duel between security researchers and the crooks seeking to thwart their efforts.

When the story broke in 2011 that researchers had modified the lethal H5N1 virus to be more transmissible and wanted to publish their findings, most of us were justifiably alarmed. While the virus was modified as part of research designed to help determine what might help reduce human transmission of the virus, critics couldn’t help but ask: What would happen if someone used this information to produce and distribute this deadly virus?

Although not potentially life-threatening, a similar dynamic exists in the field of computer security. Security researchers, some academic and some amateur, search for flaws in security systems, operating systems and applications. When they find such a flaw, they usually make their findings public, often with accompanying information about how the flaw can be exploited. In some cases, this information can actually help malicious hackers to plan and marshal their attacks.

White Hats and Black Hats

Hackers are normally grouped into two basic categories: black hats and white hats. Black hat hackers are the "bad guys", attempting to identify security vulnerabilities so that they can steal information or launch attacks on websites. White hat hackers also search for security vulnerabilities, but they either inform the software vendor or make their findings public to force the vendor to address the vulnerability. White hat hackers can range from university academicians conducting security research to teenaged amateurs motivated by curiosity and a desire to pit their skills against those of the professionals.

When a security flaw is made public by a white hat hacker, it is often accompanied by proof-of-concept code that demonstrates how the flaw can be exploited. Because black hat hackers and white hat hackers frequent the same websites and read the same literature, black hat hackers often have access to this information before the software vendor can close the security hole. Studies have shown that hacking exploits are frequently available within 24 hours of the disclosure of a security flaw.

Need Help Cracking a PIN?

Another source of information is computer security research papers published by white hat academicians. Although academic journals and research papers are probably not to the taste of the average hacker, some hackers (including potentially dangerous ones in Russia and China) can digest and use abstruse research materials.

In 2003, two researchers from the University of Cambridge published a paper outlining a method for guessing personal identification numbers (PINs) that would greatly improve on the brute force technique that was being used many hackers. This paper also contained information about the hardware security modules (HSMs) used to generate encrypted PINs.


In 2006, Israeli researchers published a paper outlining a different method of attack that required the assistance of an insider. Shortly thereafter, Graham Steel, a security researcher at the University of Edinburgh who published an analysis of PIN block attacks that same year, began to get Russian emails asking if he could provide information about cracking PINs.

In 2008, a group of hackers was indicted for stealing and decrypting blocks of PIN numbers. The affidavit filed in court indicted that the accused hackers had received "technical assistance from criminal associates in decrypting encrypted PIN numbers."

Could those "criminal associates" have used existing academic research to help devise methods to steal and decrypt encrypted PINs? Would they have been able to obtain the information they needed without the help of security research papers? (For more hacker tricks, check out 7 Sneaky Ways Hackers Can Get Your Facebook Password.)

How To Turn an Apple into a Brick

The battery for an Apple laptop has an embedded chip that enables it to work together with other components and the operating system. In 2011 Charlie Miller, a security researcher specializing in Apple products, wondered what havoc he could wreak if he could gain access to the battery chip.

Gaining access proved to be fairly simple, as Miller was able to figure out the default password that put the chip in full access mode. This enabled him to deactivate the battery (sometimes referred to as "bricking," probably because a bricked battery is about as useful to a computer as a brick). Miller theorized that a hacker could also use full access mode to place malware on the battery chip.

Would hackers have eventually found this obscure weakness in Apple laptops without Miller’s work? It seems unlikely, but there’s always the chance that a malicious hacker could have stumbled upon it too.

Later in the year Miller uncovered a bug in Apple’s iOS operating system for iPads and iPhones that could enable a hacker to run malicious code. He then created a harmless proof-of-concept application to demonstrate the bug and got it approved for the Apple Store by disguising it as a stock ticker application.

Apple was not amused, contending that Miller had violated the terms of the Apple developer agreement. Apple ejected Miller from its developer programs.

Do Hackers Provide a Valuable Service?

Although they may provide information that can be of use to malicious hackers, white hat hackers are also invaluable to software vendors. Charlie Miller, for example, had alerted Apple about dozens of bugs before his developer’s license was terminated. Even though publishing information about a security vulnerability can temporarily expose a system to attack, public disclosure is probably preferable to having a malicious hacker discover the vulnerability and exploit it unbeknownst to the vendor.

Security professionals have even grudgingly acknowledged the importance of black hat hackers. At black hat conventions such as DEFCON, security researchers, academics and law enforcement officers mingle with the hackers and crackers to listen to presentations about hacking. Computer science academics have gained valuable insights from the hacker perspective and have used them to improve their curricula. Many companies have also hired (presumably) reformed hackers as security consultants to test their networks and systems. (To learn more about hackers, check out 5 Reasons You Should Be Thankful for Hackers.)

The Ongoing Duel Between Security Researchers and Hackers

Does security research often unintentionally provide useful information to hackers? Yes. However, research performed by hackers also provides useful information to academics and designers of security systems. Powered by the freedom of the Internet, the creative minds of hackers and security researchers are likely to continue to be locked in both an ongoing duel and a deepening interdependence.


Related Reading

Allen Hudspeth

Allen Hudspeth is a freelance writer and editor based in the Southeastern United States. He has also worked as a programmer/analyst, and likes to play around with Adobe Flex/ActionScript applications in his spare time. He likes anything that gets him outdoors, including biking, hiking and gardening. He's also a journeyman cook and loves a good microbrew.Hudspeth grew up wanting to be a professional baseball player. Although he played college and semi-pro ball, he didn't quite have "the right stuff" to make it to the pros.Fun fact: Hudspeth once struck out 21 batters in an American Legion baseball game.