
Report: Police to exploit zero-day vulnerabilities; Won’t caution developers
The Dutch government will soon make a proposal that would allow the police to exploit so-called zero-day vulnerabilities in software and not notify the developers about the weaknesses, the Telegraaf reports based on sources in The Hague.
This means that if the police manage to break into a suspect’s phone and computer through a vulnerability that the developer does not know about, they can leave that “back door” open. And they don’t have to tell the developer about it. This will allow the police to make use of the same vulnerability for longer.
This controversial plan is a sensitive topic for the governing coalition, because leaving the back door open for the police also means leaving it open to other hackers with more sinister intentions.
A previous debate on these zero-day vulnerabilities ended with the decision that the police would make use of vulnerabilities they find, but would also immediately report the vulnerability to the software company involved. In that way the software company can fix the problem.