Zakir Durumeric, 26
A computer scientist sees a way to improve online security.
“It’s absolutely astounding what people attach to the Internet,” Zakir Durumeric says. He would know, because he invented a way to probe every computer online in just minutes. “We have found everything from ATM machines and bank safes to industrial control systems for power plants,” he says. “It’s kind of scary.”
A bank safe! Why would someone put that online? So someone in the bank can operate it from home?
“Yes. You sit there and you wonder: who on earth thought this was a good idea?”
Bad computer security practices like that can be mitigated far more readily with the ZMap scanning system Durumeric developed. It determines not only which machines are online at any given moment, but also whether they have security flaws that should be fixed before miscreants exploit them. It finds everything from obvious software bugs to subtle problems like the ones that can be caused if an IT administrator fails to properly implement an arcane aspect of a cryptography standard.
Pinging all four billion devices on the Internet took weeks until Durumeric, who is pursuing a PhD at the University of Michigan, came up with a process that now takes about five minutes. He has used it to quickly inform website administrators about their vulnerability to catastrophic flaws such as the Heartbleed bug in 2014, and he hopes other security researchers will routinely do the same when they find weaknesses. “There’s always been this period where a vulnerability is [found] and then it takes weeks, months, or years for administrators to patch their servers,” he says. “We have an opportunity to change that.”