6 February 2019

Zerodium offers $ 1 million for hacking WhatsApp and iMessage

Zerodium company specialized in buying and selling information about vulnerabilities and exploits for them, announced a reward of $ 1 million for hacking such well-known messengers as WhatsApp and iMessage.

The company promises to pay money to those who will provide exploits related to SMS / MMS of mobile applications.

Despite all the criticism and doubts about the legitimacy of such a business, Zerodium is working absolutely in a legal way and according to the law. The company has been working for a long time in the interests of public services around the world. Chaouki Bekrar, the founder of Zerodium, emphasized that messaging applications can serve as a communication channel for frauds, and it is the encryption that prevents the special services from obtaining the necessary information. Therefore, he adds that having remote access to such programs will boost the work productivity of the special services.

Note that scammers’ compromise of the iPhone could cost the state at least $ 2 million. Such a large sum of money indicates that gadget protection systems are being improved. It is sometimes difficult even for professional specialists to hack them, including such operating systems as iOS and Android. Therefore, the work of the special services gets complicated, since they fail to receive the necessary information from the phone.

But $ 1 million is just the beginning. The government is ready to raise the price for solving this issue and pay more.  All depends on the urgency and scope of the task. And, of course, the company’s developers of the compromised messengers will not receive information about the hacking, since the vulnerabilities are generally bought for independent use with no way to reveal the secrets of hacking.

It should be mentioned that the rewards of many bounty programs are much lower than those offered by Zerodium. So, hackers who succeeded to find certain vulnerabilities in the system do not share information about their achievements with the developers of this system. Let us remind you that in 2016 after Apple’s announcement of the reward for the found vulnerabilities, it is still unknown whether the company rewarded someone.

But it is clear that no one will want to share the information found if the reward for iOS jailbreak is $ 2 million. After all, Apple has its own limits –  payments may not exceed $ 200 thousand. Moreover, the hackers can be not paid at all if the specialists in Cupertino wouldn’t like something. For the last few months Zerodium offered $ 500 thousand as a reward, but today the price of iOS vulnerabilities has significantly increased.  We also see that Chrome RCE + LPE exploits, which now cost $ 500,000, are becoming more expensive too.

As a matter of fact, Zerodium attracts a lot of information security specialists who want to get more information in a fast way because in the companies of compromised product it may take several months to consider information about the hacking. And Zerodium pays money within a week, right after considering the exploits provided by the developer.