Wanted: Weaponized exploits that hack phones. Will pay top dollar
In a sign of the soaring demand for zeroday attacks that target software that’s becoming increasingly secure, a market-leading broker is offering serious cash for weaponized exploits that work against Signal, WhatsApp, and other mobile apps that offer confidential messaging or privacy.
Zerodium, the Washington, DC-based broker that launched in 2015, said on Wednesday that it would pay $500,000 for fully functional attacks that work against Signal, WhatsApp, iMessage, Viber, WeChat, and Telegram. The broker said it would start paying the same rate for exploits against default mobile e-mail apps. Those are among the highest prices Zerodium offers. Only remote jailbreaks for Apple’s iOS devices fetch a higher fee, with $1.5 million offered for those that require no user interaction and $1 million for those that do. The jailbreak fees were announced in September 2016 and September 2015, respectively.
“Overall prices are trending up—and quite significantly in many cases, and there’s an increased focus on mobile,” Adam Caudill, a senior application security consultant at AppSec Consulting, told Ars. “The new $500k targets for messaging and default e-mail apps show what a priority attacking individuals via their devices has become (which makes sense, given the recent increase in state-sponsored malware targeting mobile devices via SMS and the like).”