An organisation called Zerodium has announced an offer that hackers could hardly refuse: $500,000 for finding exploits in Whatsapp and Signal, two popular mobile messaging apps with millions of users across the world.
What the firm is looking for is remote code execution and local privilege escalation vulnerabilities in the two applications, asking for a working hack to pay the $500,000 reward.
However, this kind of offer could be worrying for users running these apps on their mobile devices; Zerodium is unlikely to turn to these tools to attack users. Instead it resells zero-day exploits to various organisations, including what could be governments, even though the company does not specifically reveal who buys the hacks.
“ZERODIUM customers are major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities,” the company says on its website, as noted by Mashable.
In addition to the brand-new offer for Whatsapp exploits, Zerodium is also paying big bucks for other hacks which include vulnerabilities which would allow them to remotely break into an iPhone. This is valued at $1.5 million, and it’s not yet clear if someone ever discovered such an exploit and sold it to the company.
“ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. The majority of existing bug bounty programs accept almost any kind of vulnerabilities and [proof of concepts] but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market,” the website adds.
Post Your Comments