Do you want to have a million dollars in an instant? Try hacking an iPhone.
Bug broker Zerodium is offering a payment of $1.5 million for zero-day exploits. These zero-day exploits are hacks that can be immediately taken advantage of. The $1.5 million will be awarded to anyone who can hack a fully patched iPhone running iOS 10. The payment is reserved exclusively for advanced exploits that enable hackers to fully access a user’s data and device.
Zerodium’s founder Chaouki Bekrar told Ars Technica that advanced hacks in iOS 10 are around 8 times more difficult to achieve than on Google’s Android operating system. Zerodium has previously paid $500,000 for a zero-day exploit. Zerodium has pegged similar hacks on Android at a maximum fee of $200,000.
How Bug Brokers Work
Bug brokers such as Zerodium and Exodus Intelligence operate in the security community. They pay independent hackers, consultants, and companies that dissect and reveal a fully exploitable flaw. When these hackers successfully figure the flaw out, the broker pays the hacker and takes ownership of the method. The method will be sold to governments and defence contractors.
The operations of bug broker firms have been criticized for enticing malicious hackers to access and hack individuals and companies. However, Zerodium emphasizes that they are focusing on selling technology to companies, cybersecurity vendors, and governments.
Furthermore, such an approach concerns those who don’t favour the idea of companies selling technologies that enable them to be hacked. It’s like a cyber mercenary approach if you look at it. The flaws or bugs aren’t really relayed to companies like Google or Apple, which could fix the bug and eliminate the hacking-for-pay opportunity. This suggests that billions of users are vulnerable to hacks.
The FBI Pays for Bug Broking
It’s obvious that Zerodium is paying a significant amount to trace flaws and bugs. Being a bug broker is serious business and it pays a serious amount of money as well. TIME reports that Exodus was said to have charged $200,000 annually to clients who wanted exploits on software in 2014. The FBI has even paid $1 million to an anonymous bug broker firm to access the iPhone of San Bernardino attacker Syed Farook.
Google and Apple Initiate Bug Bounty Programs
Google and Apple are already initiating a mercenary approach as well. They pay users and security firms that track bugs in their technologies. Apple’s bug bounty program rewards hackers up to $200,000. Tech companies use the information to fix security bugs and flaws. Bug brokers sell the solution to fix a particular flaw.
The big idea here? Bug brokers pay more than tech companies. $100,000 for an attack on Adobe’s Flash. Hack Apple’s Safari and get paid $80,000. So if you’re a hacker, which job would you pick? It’s either a bold career move or simply a money thing.