Cybersecurity Companies Are Paying Up To $2 Million For Undiscovered Ways To Hijack iOS Apps
In the hacking world, the best kind of data heist you can pull off is one that can't be countered. That's why zero-day hacks, exploits that are so new there's no fix for them yet, are valuable. And it seems hackers value these kinds of exploits highly, for iOS apps in particular.
Zerodium is one such company that deals in zero-day exploits, legally of course. They gather up this knowledge through research and business deals with hackers, and then sell it to companies that pay for the information. And on Monday this week, the company announced it would pay up to a cool $2 million for zero-click jailbreaks of Apple's iOS (which don't require the user to click a link), $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that hijack secure messengers WhatsApp and iMessage.
Earlier Zerodium was offering $1.5 million, $1 million, and $500,000 respectively for the same exploits, so prices have risen steeply. That means that the demand for zero-day exploits is going up, and perhaps also that it must be getting harder to crack into commercial apps and hardware.
In either case, it's a warning sign to tech companies that it's impossible to safeguard your systems without a bug bounty program. You can't just rely on your budget-constrained cybersecurity team and the good will of white hat hackers.
The types of exploits Zerodium is looking for are the kind that criminals regularly use to try to dupe people into handing over their data or security credentials. And if they work, the point is you have no idea you've been compromised. It's also the kind law enforcement around the world use to monitor criminal and terrorist suspects.
It's also interesting to note that the rewards for WhatsApp and iMessage exploits have doubled, even as the company's payment for Signal exploits (considered the most secure messenger) has remained the same. That's not because these two are harder to crack than the latter, but just because of the sheer number of people using them.