• Operation Zero, a Russian company, has increased its bounty for zero-day exploits on iPhones and Android devices from $200,000 to $20 million.
  • The company sells these exploits exclusively to Russian private and government organizations, specifying that the end user is a non-NATO country.
  • The high bounties may be temporary and are a reflection of market demand and the difficulty of hacking iOS and Android platforms.
  • Unlike traditional bug bounty platforms, Operation Zero sells vulnerabilities to governments without alerting the affected vendors.
  • The zero-day market is largely unregulated, but affected by geopolitics, such as new regulations in China that aim to corner the market for intelligence purposes.
  • @henfredemars@infosec.pub
    link
    fedilink
    English
    3
    edit-2
    1 year ago

    I was about to say that sounds high for an exploit these days. If truly the cost is going up, that’s great news for end users.

    I’d have put it at $2-3 mil for zero click.