Zerodium Ups iOS Bug Bounty to $1.5M

...

Looking to make some serious cash? Grab an iPhone and start hacking.

The somewhat controversial security start-up Zerodium, which buys and sells zero-day (aka unknown) software exploits, has increased its permanent bug bounty for iOS flaws to $1.5 million.

The firm made headlines last year when it offered $1 million for unknown iPhone and iPad flaws. Zerodium ended up cutting that $1 million bounty in half after paying for three qualifying submissions, but now the reward is back up and higher than ever.

If iOS hacking isn't your thing, the company also this week increased bounties for Android and Flash flaws. Zerodium is now paying double — or $200,000 — for Android bugs and $80,000 for Flash vulnerabilities (up from $50,000).

Zerodium founder Chaouki Bekrar told Ars Technica the new prices reflect today's tightened security landscape. "Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," he said.

Apple launched a bug bounty program of its own just last month, offering hackers up to $200,000 to identify vulnerabilities in its products. Google has offered bug bounties for some time, but its prices, too, are only a fraction of Zerodium's million-dollar-plus payday.

As Ars notes, however, getting a bounty from Zerodium requires a lot more work, since the company is seeking so-called "weaponized" exploits, which give an attacker full control over a targeted device, not just rough proof-of-concept code. It's also worth mentioning that not everyone is a fan of Bekrar, who has a history of selling exploits to the highest bidder, rather than disclosing issues to the manufacturer.
