Just how much do you care about your privacy? Would you spend a few hundred on an antivirus or VPN? Well, a company is ready to pay $500,000 to hackers able to breach your online privacy.
Zerodium, a Washington DC-based company that specializes in acquiring and reselling zero-day exploits is now looking to take a piece out of WhatsApp and Signal. The company is offering some serious moolah to any hackers who prove they can infiltrate and spy on users of the popular smartphone messaging apps.
On Wednesday, Zerodium put a $500,000 cash prize up for grabs, for whoever can provide tools that allow remote code execution and local privilege escalation for the two apps. Basically, the company is looking for a way hackers could get into your device without your knowledge.
¡°Zerodium pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices,¡± the company said on its website. ¡°While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and [proof of concepts] but pay very low rewards, at Zerodium we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.¡±
Zerodium won¡¯t specify who its customers are, but their website speaks louder than any other statements.
¡°Zerodium customers are major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities.¡±
Unfortunately, that raises some uncomfortable questions, particularly since these zero day exploits have been used to spy on journalists and political dissidents in the past. Just last year a human rights activist in the UAE was spied on using an iPhone exploit.
The only silver lining here is that the Signal and WhatsApp exploits being sought are at the top of Zerodium¡¯s price list, meaning they¡¯re hard to come by if at all, and they¡¯re also not compromised just yet.