Exploit Broker Offers A Whopping $1.5 Million In iOS 10 Bug Bounties To Sell To Government Spies
The company is called Zerodium. It bills itself as the premium exploit acquisition platform for high-end zero-days and advanced vulnerability research. Zerodium's only been in business for a year but is well known in tech circles for its controversial business model and open advertising of seeking exploits for specific reward amounts, which are usually very large.
Here's a look at the updated rates for various exploits:
- Apple iOS 10 (remote jailbreak): $1,500,000 (up from $500,000)
- Android 7 (remote jailbreak): $200,000 (up from $100,000)
- Adobe Flash (RCE) + Sandbox Escape: $100,000 (up from $80,000)
- MS Edge + IE (RCE) + Sandbox Escape: $80,000 (up from $50,000)
- Safari on Mac (RCE) + Sandbox Escape: $80,000 (up from $50,000)
- OpenSSL or PHP (RCE): $50,000 (up from $40,000)
- MS Windows Reader App (RCE): $50,000 (up from $30,000)
- MS Office Word/Excel (RCE): $40,000 (up from $30,000)
In 2015, the company offered $1 million for iOS exploits with a $3 million ceiling, but dropped the price to $500,000 after paying out three qualifying submissions. Zerodium founder Chaouki Bekrar tells Arstechnica that the new and higher rates—triple the reduced amount from last year for iOS—reflect improvements that Apple and Google made to their respective OSes, which are now harder to hack.
"Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," Bekrar said.
He also explained why iOS 10 exploits pay out 7.5 times more than Android 7 exploits: either Zerodium considers a full iOS 10 chain 7.5 times harder to produce, or demand for iOS exploits is 7.5 times higher.