A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

How much does your privacy cost?

It will soon be sold for half a Million US dollars.

A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp.

Zerodium announced a new pricing structure on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) and local privilege escalation (LPE) vulnerabilities in Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, and Telegram.

The payouts for all these secure messengers have been increased after tech companies introduced end-to-end encryption in their apps, making it more difficult for anyone to compromise their messaging platforms.

The same payout is offered for remote code execution and local privilege escalation security flaws in default mobile email applications.

Launched in 2015, Zerodium is a Washington, DC-based premium exploit acquisition platform by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world.

The maximum bounty offered by the company remains for Apple’s iOS devices with $1.5 million offered to anyone who can pull off a remote jailbreak of iOS devices without any user interaction, and $1 million for those that require user interaction.

Read more…

Source: The Hacker News