Zero-Day Android exploits are now more valuable than iOS exploits.
The infosec and premium zero-day acquisition platform Zerodium, known for selling zero-day exploits to governments, has announced that it will be paying a huge amount of money to buy zero-day Android exploits.
In total, the company will pay up to a whopping $2.5 million to hackers and cyber security researchers for reporting a full-chain, zero-click Android zero-day with persistence.
It is worth mentioning that this is the first time Zerodium is paying more money for Android-related exploits than for iOS ones. Previously, the company offered $2 million for an iOS remote jailbreak, which has now been decreased to $1 million.
Furthermore, the company will pay up to $1.5 million for reporting a zero-click zero-day without persistence related to WhatsApp and iMessage. Previously, the prize money for both platforms was $1 million. Moreover, prize money for an Apple iOS full-chain, one-click exploit with persistence has been decreased from $1.5 million to $1 million.
The sudden increase in prize money indicates that Android exploits have become rather valuable in the eyes of governments and security agencies, thanks to the vulnerable state of the world’s most popular smartphone operating system.
A full preview of Zerodium payouts for mobiles:
The programs mentioned above are collectively used by billions of people around the world. Therefore, it is important to keep them secure from cybercriminals and malicious threat actors. And since bug bounty programs have been enormously successful, they also provide a chance for young and enthusiastic hackers to show their skills and get paid in return.
However, Zerodium customers are mainly government organizations in need of specific and tailored cybersecurity capabilities, as well as major corporations from defense, technology, and financial sectors, in need of protective solutions to defend against zero-day attacks. Access to ZERODIUM solutions and capabilities is highly restricted and is only available to a very limited number of organizations.
You can learn more about current and previous bug bounty programs by following this link.