Security Company Zerodium Offering $500K for SMS Exploits
Zerodium are offering a massive $500,000 bounty.
Zerodium are offering a massive $500k bounty for those that can track down zero-day exploits for IM and SMS apps.
The world of internet and smartphone security is like a game of cat and mouse. Malware creators and hackers are constantly looking for new exploits, whilst security companies are working flat out to find patches for these loopholes.
To showcase just how big the anti-malware industry is, we now have Zerodium offering up to $500,000 for any white-hat hackers that can help them spot zero day exploits for SMS and IM apps. Zerodium works closely with top-name software developers to give them protection against zero day exploits, and they’re offering top dollar to anybody that can help them find such loopholes.
In a statement, Zerodium shared their thoughts on their large exploit bounties; “Zerodium pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices.”
“While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay very low rewards, at Zerodium we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.”
What’s great about this kind of bounty system is that not only will it bring white-hat hackers lots of potential income, but it will encourage black-hat hackers to share their exploits to earn a bounty, which could potentially lay waste to any malware out there that may be using these unsecured exploits.
Currently, the apps that Zerodium will pay $500,000 for include WeChat, Viber, Facebook Messenger, Signal, Telegram, WhatsApp, and iMessage.
Zerodium are also offering $500,000 for any exploits related to SMS tracking and email monitoring malware. There are a number of different tiers of rewards for exploits across other apps and software as well. Zerodium’s current bounty pricing list can be seen below. You can learn more about the exploit bounty program on Zerodium’s website.
The exploits include those that can be injected remotely, as well as those that require local access to the device. Currently, Zerodium also offer a number of desktop based exploit bounties, but they’re currently putting more focus on their mobile bounty program.
They are also desperately seeking any zero day exploits for iPhone remote jailbreak exploits. With these exploits still hiding in the wild, Apple’s iOS software is essentially laying victim a range of nasty malware opportunities.
Currently, Zerodium is offering up to $1,500,000 for zero click remote jailbreak exploits, and up to $1,000,000 for other iPhone remote jailbreak exploits. Zerodium has also mentioned that they “May pay higher rewards for exceptional exploits or research.”
With security firms offering million dollar bounties and new malware cropping up on both Android and iPhone, it’s clear that the battle for smartphone security has quickly become a critical matter.
Currently, most smartphone users do not think to use the same security and safety procedures that they’d use on a desktop PC, but it may be time to start spreading awareness about smartphone security. As smartphone adoption increases, more exploits are hitting devices across the globe and more exploits are regularly being found.