Vulnerability in iOS can sell for 5 million rubles
A team of developers and ex-hackers have launched in Russia a stock exchange for the sale of software vulnerabilities. On the exchange traded gaps in iOS, OS X, Android, Tor, Adobe Flash and other software. The service is called Expocod.
The most expensive developers assess vulnerabilities in iOS and Tor, they can be sold for 80 000 dollars (about 5 million rubles at current exchange rate). For Adobe Flash, the company is willing to pay $55 000 (3.6 million rubles). Vulnerabilities in different browsers, you can sell for $35-60 thousand (2.3 to 4 million rubles). Information about “holes” of security in Windows, Linux, OS X is estimated at $35-55 million (2.3 to 3.6 million rubles)
Founder Expocod Andrei Shorokhov told “Kommersant” that previously worked in financial intelligence in the Department of financial investigations of the Federal financial monitoring service.
“I Expocod the sole owner and ultimate beneficiary of this project, some secret investors there, all the tools in the development of the project I invested,” — said Shorohov.
According to him, except for resale of the vulnerabilities that the company intends to search for flaws and develop exploits. Also Expocod team is working on creating its own software, which will allow you to assess the security of it systems.
Bought exploits Expocod intends to resell to government agencies and companies in the field of information security. Shorokhov anticipates that by the end of 2016, the company’s turnover will be about 100-120 million roubles.
Sources familiar with the project said that about the purchase of exploits with Expocod already communicated by the FSB. According to shorohova, the use by government agencies of exploits is “a necessity in the modern world to defend their strategic interests in the field of information security”.
To warn the vendors about vulnerabilities in their products Expocod no plans. The head of the company contends that the search and disclosure of vulnerabilities in software are not illegal. The CEO of ALT Linux Alexei Smirnov also noted that the activities of the companies for buying and selling exploits is not against the law.