Well-known "vulnerability broker" is willing to pay $2,000,000 for a full iPhone hack

Zerodium, described as one of the best-known vulnerability brokers, has announced higher payouts for tools that hack iMessage and fully compromise the iPhone.

Zerodium has increased the rewards for the following zero-day vulnerabilities:

  • $2 million (instead of $1.5 million) for a remote iOS exploit that compromises the system without user intervention.
  • $1.5 million (instead of $1 million) for a remote jailbreak requiring minimal user interaction.
  • $1 million (instead of $500 thousand) for a vulnerability in the iMessage app.
  • $500 thousand (instead of $200 thousand) for a vulnerability in the Safari browser with remote code execution, sandbox escape and privilege escalation on the system.
  • $200 thousand (instead of $100) for a local privilege escalation to kernel or root in iOS.
  • $100 million (instead of $15 thousand) for a technique that bypasses the PIN and the Touch ID mechanism in iOS.

A remote jailbreak is an almost complete iPhone hack that gives the attacker access to the file system, which opens up unlimited opportunities for data theft and device control.

A zero-day exploit, or 0-day, is a flaw or malicious technique against which effective defenses have not yet been developed. The term means that the developers have had 0 days to fix the problem: the vulnerability or attack becomes publicly known before the manufacturer releases a fix. Hackers can exploit the vulnerability for their own purposes or to develop a jailbreak.

Zerodium's business model is quite specific. The company specializes in buying and reselling exploits for software, and it acts in the interests of government services worldwide. It keeps secret the methods for hacking various programs that it has found on its own or purchased from third parties, and then resells this secret information to governments, law enforcement agencies and large companies.

Zerodium is constantly subjected to severe criticism, but it refuses to abandon its principles. The company's founder, Chaouki Bekrar, believes that the ability to gain remote access to a variety of applications helps intelligence agencies work more effectively.

Developers who discover a vulnerability are in no hurry to share their discovery with the company whose software is affected. Zerodium's rewards are typically much higher than the payments offered by corporations. For example, in 2016 Apple also launched its own security program to identify zero-day vulnerabilities, but most hackers ignored the initiative. Apple offered only $200 thousand for a serious vulnerability, which would fetch a much higher price on the black market.

Hackers are also attracted by the speed with which Zerodium checks submitted exploits and pays the reward for them. The company's website states:

“Zerodium evaluates and verifies all submitted research within one week or less. Payments are made in one or more installments by bank transfer or cryptocurrencies such as Bitcoin or Monero. The first payment is sent within one week or less.”

Source: Zerodium


Clifton Nichols
