For all you Tech-Savvy geeks, there is a way to earn mindboggling millions with just a single find. Report your research on any “zero-day” exploits of popular products/applications to these Bug-brokers! If you can hack into Apple’s recent, fully-patched iOS – 10 operating systems and find hidden bugs, Zero-Day is very interested. So much so, that this bug-broker in the Tech Security industry has tripled its previous “bounty” value for such exploits. A “zero-day” exploit essentially is a glitch identified in the product and tried to take advantage of, when even its own developers are unaware.
Zerodium previously paid 500K USD for a single exploit. And this time, Zero-Day has promised 1.5 Million US Dollars but only for sophisticated exploits that gives access to all of user’s data in the device. Mammoth money. Zerodium promises to evaluate the hacker-submitted research on the exploit and if satisfied, wire the payment in at most a week. When questioned about it to the founder of Zerodium, ChaokriBekrar, he remarks that an exploit in iOS 10 is 7.5 times as harder to achieve than in Android phones. This was the reason even Android 7 exploits can fetch only up to a maximum of 200,000 USD for the hacker.
The Bug Broker community has their business predominantly in the following wayswith Zero-Day:
- Motivate hackers to bring to them genuine ‘rare’ exploits by promising big bucks.
- Pay them a fat check as reward for it.
- Own up the exploit as if it’s theirs and sell it to organizations like defense contractors, government agencies and others.
The companies themselves, such as Apple, have teams working constantly on flaws reported to them. However, the maximum remuneration given till date is only 250,000 dollars, which is in stark contrast to the big money offered by brokers like Exodus and Zerodium.
For all that money, what’s the catch? Surely there must be something!!!
Bug brokers have faced a lot of flak in the past as they posed appealing ways to make money for the hackers who target individuals and companies compromising their privacy and security. Companies typically don’t like their idea of selling information about their product/application to other organizations that permit them to be hacked easily. For example, information about a bug in Apple’s OS is typically sold to a government agency. If it had been disclosed to Apple, it can patch up the flaw and prevent further vulnerability.
Secondly, though it may well seem like these brokers are paying a hefty sum for the exploits, the reality is that they charge their clients in six-figures per year for those information. It is said that Exodus charges 200,000 USD for its clients every year who wants software exploits.
Recently, we have witnessed the case of San Bernardino shooting, where the iPhone owned by the accused had to be deciphered for accessing critical data instrumental in that gory attack. Apple had declined to provide a back-door as it makes millions of users across the world vulnerable. However, an unidentified company has reportedly been paid 1 Million Dollars for exploiting a flaw and get access to the data in the phone.
In this age when sensitive information is always tried to be tracked by known and unknown forums around the world, will an individual’s right to privacy be maintained for the years to come despite all the flaws and vulnerabilities that can potentially promote illegal spying on people? It is up to the governments to use them as effective tools for identifying anti-social suspects and avoid the wrath of human rights activists.