Posted on August 24, 2017 at 11:47 AM
Your phone’s security and privacy might soon be in danger because a company which specialty is to acquire and resell zero-day exploits is now looking to a hacker willing to break their way into Signal and WhatsApp. The two most popular secure mobile messaging platforms, and they’re offering a lot of money.
The firm in question is called Zerodium, and it’s based in Washington, DC. The firm announced on August 23rd that they will give half a million dollars to the person who delivers them tools that permit remote code execution and local privilege escalation on the apps in question. To put it simply – the firm wants a way into your device without you noticing it at all.
On their official website, the firm states that it pays premium bounties and rewards to security researchers that acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. Zerodium’s focus is on the high-risk vulnerabilities, and their rewards are equally as high – the highest on the market, actually.
So you just need to give the company an already functioning tool, and Zerodium will throw money at you with a smile on their faces.
The company’s goal isn’t just to crack into Signal and WhatsApp – they offer $1.5 million if you can give them tools for remotely jailbreaking an iPhone, and judging by the size of the rewards they’re willing to pay for the tools, this seems like an important issue for the firm and their mysterious client base.
The company’s policy is not to tell names of their exact customers, but some clues can be found on the official website. As the website states, their customers are big corporations in technology, defense, and finance that require advanced zero-day protection and government organizations that need certain cybersecurity capabilities.
Mashable reached out to the company and requested a comment about their customers, but the response hasn’t come back to us as of the time of releasing this.
In case you’re wondering if this hasn’t any impact on you – yes, it does. It could mean good news for all of us because if Signal and WhatsApp are on top of the firm’s priority list, that means the apps are very difficult to get into.
But the high reward might motivate people to break into the apps quickly, and if you’re a high-value target, yes, you should be afraid of your privacy and safety. But if you’re a regular old person, it’s highly unlikely someone will pay a large amount of money to read your messages.
Whatever happens, just make sure you update your apps regularly. While the updates won’t save you from zero days, they’re still the best way to protect your device from attackers.