That matches what researchers could expect to earn if they went down the “grey hat” route and sold their finding to governments or contractors who intended to use it to hack state enemies, rather than fix it, according to Shwartz. The “high-end market” for those sorts of buyers includes the same “zero-click RCEs” – remote command execution – for which Apple is offering its highest payout. It also includes any vulnerability in the encryption used by messaging services, including WhatsApp and iMessage, that could be used to intercept messages in transit and silently decrypt them.

Competition between governments and tech companies for knowledge of security vulnerabilities is more open than it has ever been. On the corporate side, the rise of bug bounties has ensured that responsibly disclosing weaknesses isn’t just something companies like Apple, Google and Microsoft expect hackers to do out of the goodness of their hearts, but can actually help those who find them pay the bills. On the government side, however, companies such as Zerodium pioneered the practice of explicitly advertising that they would buy security vulnerabilities, with the intent of passing them on to government clients who use them as part of their espionage operations.

In January, Zerodium raised its maximum payout to $2m, the company announced, for any vulnerability that can remotely “jailbreak” an iOS device, enabling unauthorised software installations, without requiring user interaction. Apple is fighting back, however, issuing select security researchers pre-jailbroken iOS devices in an effort to help responsible researchers find bugs before their less ethical colleagues, according to a Forbes report from earlier this month.