Increased security leads to higher prices for exploits.
In recent years, the cost of hacking tools for smartphones, popular browsers and instant messengers has increased significantly. Currently, exploits are estimated at millions of dollars, which is due to the increasing complexity of hacking these devices and applications.
Crowdfense startup has updated its price list for zero-day vulnerabilities — software bugs that developers don't know about. Now the company offers from $ 5 to $ 7 million for iPhone vulnerabilities, up to $ 5 million for Android, up to $ 3 and $ 3.5 million for Chrome and Safari, respectively, and from $ 3 to $ 5 million for WhatsApp and iMessage.
The price increase is due to increased security measures from Apple, Google and Microsoft aimed at protecting users. Hackers are finding it increasingly difficult to find and exploit vulnerabilities, which in turn leads to higher costs and prices in the zero-day exploit market.
Companies that specialize in finding vulnerabilities, such as Crowdfense, acquire them for the purpose of reselling them to government agencies or contractors who use them to spy or pursue criminals. At the same time, there are concerns about the use of such tools to violate human rights and spy on dissidents and journalists in some countries, as is the case with the Pegasus spyware.
Crowdfense declares compliance with US sanctions and embargoes, excluding countries under US sanctions from the list of potential customers. This approach is designed to prevent abuse by customers.
Despite the high prices that Crowdfense is willing to offer for vulnerabilities, experts note that prices can be even higher on the black market. There is also an opinion that the complexity and cost of finding vulnerabilities will continue to grow, which reflects the general trend of increasing software and device protection.
In recent years, the cost of hacking tools for smartphones, popular browsers and instant messengers has increased significantly. Currently, exploits are estimated at millions of dollars, which is due to the increasing complexity of hacking these devices and applications.
Crowdfense startup has updated its price list for zero-day vulnerabilities — software bugs that developers don't know about. Now the company offers from $ 5 to $ 7 million for iPhone vulnerabilities, up to $ 5 million for Android, up to $ 3 and $ 3.5 million for Chrome and Safari, respectively, and from $ 3 to $ 5 million for WhatsApp and iMessage.
The price increase is due to increased security measures from Apple, Google and Microsoft aimed at protecting users. Hackers are finding it increasingly difficult to find and exploit vulnerabilities, which in turn leads to higher costs and prices in the zero-day exploit market.
Companies that specialize in finding vulnerabilities, such as Crowdfense, acquire them for the purpose of reselling them to government agencies or contractors who use them to spy or pursue criminals. At the same time, there are concerns about the use of such tools to violate human rights and spy on dissidents and journalists in some countries, as is the case with the Pegasus spyware.
Crowdfense declares compliance with US sanctions and embargoes, excluding countries under US sanctions from the list of potential customers. This approach is designed to prevent abuse by customers.
Despite the high prices that Crowdfense is willing to offer for vulnerabilities, experts note that prices can be even higher on the black market. There is also an opinion that the complexity and cost of finding vulnerabilities will continue to grow, which reflects the general trend of increasing software and device protection.
