Zerodium Ups iOS Bug Bounty to $1.5M

...

Looking to make some serious cash? Grab an iPhone and start hacking.

The somewhat controversial security start-up Zerodium, which buys and sells zero-day (aka unknown) software exploits, has increased its permanent bug bounty for iOS flaws to $1.5 million.

The firm made headlines last year when it offered $1 million for unknown iPhone and iPad flaws. Zerodium ended up cutting that $1 million bounty in half after paying for three qualifying submissions, but now the reward is back up and higher than ever.

If iOS hacking isn't your thing, the company also this week increased bounties for Android and Flash flaws. Zerodium is now paying double — or $200,000 — for Android bugs and $80,000 for Flash vulnerabilities (up from $50,000).

Zerodium founder Chaouki Bekrar told Ars Technica the new prices reflect today's tightened security landscape. "Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," he told Ars.

Apple launched a bug bounty program of its own just last month, offering hackers up to $200,000 to identify vulnerabilities in its products. Google has offered bug bounties for some time, but its prices, too, are only a fraction of Zerodium's million-dollar-plus payday.

As Ars notes, however, getting a bounty from Zerodium requires a lot more work, since the company is seeking so-called "weaponized" exploits, which give an attacker full control over a targeted device, not just rough proof-of-concept code. It's also worth mentioning that not everyone is a fan of Bekrar, who has a history of selling exploits to the highest bidder, rather than disclosing issues to the manufacturer.
