CarderPlanet
The company has greatly overestimated the bar for payments for finding vulnerabilities in smartphones.
Zero-day exploit broker OpZero has hit the market with its offerings. While the company is fairly new to selling exploits, it is now increasing payments to researchers from $200,000 to $20 million for iPhone and Android hacking tools.
The Russian company noted that the current rewards may be temporary and reflect a specific moment in the market and the complexity of hacking iOS and Android. Representatives of the company said that the clients of the company, which has been operating since 2021, "as always, are a non-NATO country."
The offer includes iOS exploits, including Remote Code Execution (RCE), Local Privilege Elevation (LPE), Sandbox Bypass (SBX), or a full chain of exploits. The same amount is offered for exploits in the Android operating system.
Last year, OpZero already caused a wide response, offering $1.5 million for the RCE exploit for Signal, three times more than the well-known company Zerodium offered.
An exploit broker works like this: the researcher sends a product description, the company analyzes it and possibly asks additional questions, after which it makes a purchase offer. The researcher submits the source code of the exploit, and the company pays the researcher a reward after verifying the exploit.
After purchasing the exploit, OpZero can sell it to others. Further use of the exploit depends on the buyer, and may include fixing vulnerabilities, hacking, or other actions.