Earn $2.5 million if you find a remote zero-day exploit for Android



Vulnerability broker Zerodium says it is now offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required.


Zerodium is not offering the considerable reward because it wants to make the Android operating system a safer environment. Instead it believes it can make a handsome profit by selling such an exploit to the likes of intelligence agencies and law enforcement bodies.


Whereas the likes of Apple, Google, and Microsoft offer bug bounties for details of vulnerabilities in their software and then work on improving their code to protect their userbase, Zerodium offers ways to crack into devices to whoever is prepared to stump up the cash.


I suspect that the majority of Zerodium’s customers are not software manufacturers, but governments and intelligence agencies who use the zero-day exploits to spy on suspected criminals, terrorists, persons of interest, and foreign nations.


And those types of customers have a vested interest in the likes of Apple, Microsoft, and Google not patching the bugs. After all, once a zero-day vulnerability is fixed, its value reduces considerably.



What I find interesting is that Zerodium’s offer of up to $2.5 million for a “full chain (Zero-Click) with persistence” exploit is actually greater than the equivalent no user interaction exploit for iOS (for which a paltry $2 million is offered).


In fact, citing “market trends”, the controversial vulnerability broker has actually decreased some of its payouts for iOS exploits. For instance, the maximum an iOS full chain exploit that provides persistence and requires onl ..
