US-based security firm Zerodium, which specialises in acquiring and reselling zero-day exploits, has offered $500,000 (Rs 3 crore) for zero-day exploits in secure messaging platforms including WhatsApp, Signal and Telegram.
A zero-day exploit targets a security flaw in software that is unknown even to the vendor. Black-hat hackers exploit the flaw before the vendor becomes aware of it and fixes it. Messengers like WhatsApp and Signal use end-to-end encryption, and the payouts for exploiting these messengers show that compromising these apps is no child’s play. But as seen in the past, for the right price, even the most sophisticated can be hacked.
“ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and [proof of concepts] but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market,” the company said on its website.
According to its website, ZERODIUM customers are major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organisations in need of specific and tailored cybersecurity capabilities.
“Surveillance agencies and governments are actively seeking and, in some cases like the UK, are demanding access to communication on encrypted messaging platforms with little luck. This $500,000 bounty does not come as a surprise. If anything it appears to be low,” said Ankush Johar, Director, BugsBounty.com.
“A Bug Bounty program is crowd sourcing of a defensive nature. This hunt for Zero-Days is offensive crowd sourcing of security vulnerabilities. Crowdsourced security is the ultimate solution for finding any possible security bug whether defensive or offensive, like in this case,” he added.
“Telegram had offered $200,000 to any hacker that could break their encryption back in 2014. WhatsApp also runs a bugs bounty program, but the $500,000 zero-day bounty highlights the heightened market demand for such security exploits.”
“Right to privacy has been declared a fundamental right in India and citizens globally are demanding greater privacy. This could drive the price upwards to $1.5 million, like in the case of iOS previously,” said Johar.