Yes.
There are now full-blown companies that sell and buy exploits.
Some companies also deal in trading zero-day exploits.
Now, these same companies are offering upwards of seven figures to anyone who can develop hacks which allow cops and spies (among other people) to steal various chat application messages including those found in iMessage and WhatsApp.
That isn’t necessarily a bad thing.
You might ask how?
Well, it turns out, any given law enforcement agency or a government could actually need some help in intercepting various communications of a variety of criminal and terrorist groups who make use of iMessage or Whatsapp.
Now all that they have to do is to pay such companies more money in order to get what they want.
A startup by the name of Zerodium recently announced a price increase for almost each and everything that the company is looking for.
For those who don’t know, Zerodium sells and buys hacking tools along with exploits and deals with governments all over the world.
Zerodium is not paying top dollar for various services such as Windows exploit as well as iOS remote jailbreaks.
The company also said that it would begin to offer more money to security researchers as well.
They can now earn as much as $1,000,000 if they offer legitimate exploits for services such as iMessage and WhatsApp.
Zerodium is also paying money to those researchers who can develop exploits for SMS/MMS applications on any given major mobile operating system.
Chaouki Bekrar, the founder of Zerodium, recently said that messaging applications in general along with WhatsApp, in particular, represented the only forms of communication channels that various targets used in some cases.
He also said that end-to-end encryption in WhatsApp communications made it difficult for various governments and law enforcement agencies to intercept such type of online communications.
While engaging in online chat with reporters from Motherboard, Chaouki said that having the capability to actually remotely compromise such messaging applications in a direct manner without ever coming close to compromising the entire smartphone device was a lot more effective and strategic.
In order for anyone to compromise the entire iPhone service, it can take around $2 million or more.
Security researchers sometimes refer to the process as rooting the device or remote jailbreaking.
Most of the times such a process involves the hacker taking advantage of a series of exploits and bugs.
All the recent price increases essentially indicate that, generally speaking, mobile devices have actually become far more secure than before.
And because of that, hackers (black and white) are finding it difficult to hack them.
It goes without saying that various malicious actors are also finding it increasingly hard to break into Android and iOS devices.
Now, even though that is a good thing, it also means that more secure smartphone devices are also making the lives of various legitimate police departments and spying agencies much harder as well.
And this is exactly where companies such as Zerodium and others like Crowdfense and Azimuth, have stepped in to make some money.
These companies actually act as a kind of intermediaries between government agencies and security researchers who are constantly searching for tools which can help them break into various different kinds of targets.
Sometimes these tools are called zero-days.
If we go back just a couple of days ago, we would see that companies such as Zerodium were willing to offer anyone around
$500,000 for exploits which could help them crack open iMessage and Whatsapp.
That’s according to the company’s archives which are available on the official website of the company.
It is also true that the new prices are pretty much in line with the rest of the market.
That’s according to someone who used a run a firm which sold and acquired security exploits to various government agencies, Maor Shwartz.
Maor Shwartz gave an interview to Motherboard last December in which he told the publishing platform that security exploits for services and messaging applications such as Signal and WhatsApp (fundamentally the services that made use of end-to-end encryption) along with many others that used similar technologies could fetch up to $1 million for their developers.
Sometimes, a good security exploit could even fetch upwards of $4 million.
But all depended on the circumstances.
Governments and spying agencies who urgently needed to hack some of their targets had to pay more for the same type of exploit.
Shwartz also mentioned that there were quite a few companies which were willing to purchase some unicorns for a ton of money.
According to him, such companies could shell out more than $1 million USD dollars for a particular security vulnerability.
More specifically, the expensive exploits include remote code execution on services such as Telegram, Signal, WhatsApp and iMessage.
Once someone had that kind of security vulnerability, it was worth a good amount of money.
Bekrar actually warned, despite of the fact that it had become much more difficult to hack and exploit some of the modern mobile apps and operating systems, firms had started to see more and more bugs than ever before.
Bekrar told reporters from Motherboard that exploitation was now much harder than before.
It also took longer than before.
However, more and more security researchers were looking into such types of targets.
And that is the reason why firms such as that of Bekrar’s increased their prices.
By increasing the prices, security firms could continue the current momentum and hence encourage security researchers to keep their hunt for another security exploit well and alive.
He further added that he had started his work in the zero-day industry more than 15 years ago.
Ending his comment, he said that throughout his years in the industry he had never seen so many security exploits popping up as in the last year alone.
He said that people would find it difficult to imagine what was being sold and developed.
Source: https://securitygladiators.com/hack-imessage-and-whatsapp/
