Android exploits are now worth more than iOS exploits for the first time

September 4, 2019
in Internet Security

Zerodium, a company which claims it buys and then resells software exploits to government and law enforcement agencies, has updated its price list today, and Android exploits are worth more than iOS exploits for the first time ever.

According to the company, starting today, a zero-click (no user interaction) exploit chain for Android can get hackers and security researchers up to $2.5 million in rewards. A similar exploit chain impacting iOS is worth only $2 million.

Zerodium’s new price for Android exploits is almost twelve times the maximum of $200,000 the company was willing to offer a year ago, and even 100 times more than Zerodium was paying for some of the lower-impact Android exploits.


Zerodium has timed its announcement to coincide with Google’s official release of Android 10, scheduled for later today. A Google spokesperson did not return a request for comment.

Higher rewards for IM exploits as well

At the same time, Zerodium also announced it was increasing payouts for exploits in instant messaging clients, regardless of the OS they are running.

An exploit chain consisting of a no-user-interaction (zero-click) remote code execution (RCE) bug and a local privilege escalation (LPE) in WhatsApp or iMessage is now worth $1.5 million, even if reboot persistence isn’t achieved.

If user interaction is required, then the reward/price for the exploit chain goes down to $1 million for WhatsApp and $500,000 for iMessage.

Last year, similar bugs in these two IM apps would have brought only a maximum of $500,000.

A market shift

In a tweet from the company’s official Twitter account, Zerodium claimed the price updates are “in accordance with market trends.”

This is consistent with what Zerodium CEO Chaouki Bekrar told ZDNet in an interview this March after the company launched a zero-day acquisition program for cloud-based technologies.

Bekrar said that Zerodium’s customers are the ones who ask for specific exploit chains, and his company reacts by increasing rewards for exploit submissions.

In other words, Zerodium’s price hike today can be interpreted as law enforcement agencies and government agencies across the world showing a sudden interest in acquiring software exploits for Android devices.

When ZDNet asked Bekrar today if Android market fragmentation would play a role in what exploits his company would accept, the Zerodium exec said they’ll “mostly focus on Google, Samsung, Huawei and Sony devices,” and that exploits for other brands were also accepted, but on a case-by-case basis.

Prior to today, most exploit brokers, not just Zerodium, priced iOS exploits higher because iPhones run on the same hardware, and are mostly up to date, which makes Apple’s job easier in keeping devices secured, and hackers’ job harder in hacking these devices.

In contrast, there are tens of Android OEMs making their own devices on different hardware specs, and most of today’s Android devices are hopelessly out of date, as mobile carriers and device vendors have failed for years to deliver over-the-air (OTA) security updates in a timely manner.

Bekrar explained further how this landscape and the security features of the two operating systems have played a role in Zerodium increasing prices for Android zero-day exploits.

“During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world,” the Zerodium CEO said. “The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some of them.

“On the other hand, Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time-consuming to develop full chains of exploits for Android and it’s even harder to develop zero-click exploits not requiring any user interaction,” he added.

“In accordance with these new technical challenges related to Android security and our observations of market trends, we believe that time has come to allocate the highest bounties to Android exploits until Apple re-improves the security of iOS and strengthens its weakest parts which are iMessage and Safari (Webkit and sandbox).”

Article updated on September 3, at 14:10pm ET, with comments from the Zerodium CEO.


Credit: ZDNet
