A Fellowship Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

How much does your privacy cost?

It volition presently live on sold for one-half a Million U.S. dollars.

H5N1 controversial companionship specialises inward acquiring as well as reselling zero-day exploits is laid upwards to pay upwards to US$500,000 for working zero-day vulnerabilities targeting pop secure messenger applications, such every bit Signal, Telegram as well as WhatsApp.

Zerodium announced a novel pricing construction on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) as well as local privilege escalation (LPE) vulnerabilities inward Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, as well as Telegram.

The payouts for all these secure messengers convey been increased later tech companies introduced end-to-end encryption inward their apps, making it to a greater extent than hard for anyone to compromise their messaging platforms.

The same payout is offered for remote code execution as well as local privilege escalation safety flaws inward default mobile electronic mail applications.

Launched inward 2015, Zerodium is a Washington, DC-based premium exploit acquisition platform past times the infamous French-based companionship Vupen that buys as well as sells zero-day exploits to regime agencies roughly the world.

The maximum bounty offered past times the companionship remains for Apple's iOS devices amongst $1.5 i K 1000 offered to anyone who tin clit off a remote jailbreak of iOS devices without whatsoever user interaction, as well as $1 i K 1000 for those that postulate user interaction.

This payout was laid concluding yr when Zerodium raised the cost for a remote iOS 10 jailbreaks from $1 Million to $1.5 Million, which is to a greater extent than than 7 times what Apple is offering (up to $200,000) for iOS zero-days via its bug bounty program.

Zerodium Zero-Day Hit-list:

Zerodium's payout for other novel exploit categories for servers as well as desktop computers include:

• Up to $300,000 for a Windows 10 exploit that requires no user interaction
• Up to $150,000 for Apache Web Server
• Up to $100,000 for Microsoft Outlook
• Up to $80,000 for Mozilla Thunderbird
• Up to $80,000 for VMware escapes
• Up to $30,000 for USB code execution

Zerodium has besides raised the prices the companionship volition pay for a hit of other exploits, which include:

• Chrome RCE as well as LPE for Windows—from $80,000 to $150,000
• PHP Web programming linguistic communication RCE—from $50,000 to $100,000
• RCE inward OpenSSL crypto library used to implement TLS—from $50,000 to $100,000
• Microsoft Exchange Server RCE—from $40,000 to $100,000
• RCE as well as LPE inward the TOR version of Firefox for Linux—from $30,000 to $100,000
• RCE as well as LPE inward the TOR version of Firefox for Windows—from $30,000 to $80,000

The zero-day marketplace has long been a lucrative draw concern for someone firms that regularly offering to a greater extent than payouts for undisclosed safety vulnerabilities than big technology companies.

Hackers volition instruct the payout inside a calendar week of submitting the zero-day vulnerabilities along amongst a working proof-of-concept, though nosotros recommend y'all to submit them to the affected vendors because it's a affair of fourth dimension when some dark lid finds as well as uses them against y'all as well as broad audience.

Share This :