A recent report from TechCrunch highlights a market that is very lucrative for its players: the resale of computer vulnerabilities to startups specializing in the field. The principle is simple: you found an iPhone security vulnerability? Then you have gold in your hands.
Companies like Zerodium or Crowdfense are willing to pay millions for this. Apple also pays vulnerability hunters, but not as much as companies specializing in the field.
Prices are exploding
The subject of reselling vulnerabilities is back on the table today because Crowdfense has just updated its price list. The list concerns only “zero-day exploits”, which are exploitable vulnerabilities of which the creator of the system is not aware.
If Apple is aware of a flaw, then it is no longer of interest to Crowdfense, because Apple will correct it. Crowdfense will then no longer be able to transform it into functional spyware.
Indeed, Crowdfense's activity is controversial. The startup buys exploitable flaws from cybersecurity researchers, then turns them into spyware, to finally resell it, often to government agencies, such as the FBI. Google recently denounced this kind of practice.
Apple gives up?
This type of business is therefore in direct competition with Apple on its own security, and prevents it from fixing certain vulnerabilities by monopolizing them and then making commercial use of them. At the same time, Apple cannot match the prices offered, which go up to 7 million dollars for an iOS flaw overall, and up to 5 million for an iMessage exploit.
Here, the prices displayed are, according to TechCrunch, below the market. In this area, it is very likely that confidential arrangements amount to several tens of millions of dollars. Apple can offer up to $2 million “only”.
The prices offered by this type of startup to buy a vulnerability also continue to increase, thanks to the strengthening of security at GAFAM. Industry players agree that it is increasingly difficult to find a flaw. Previously, a single researcher might be able to do this, but now it requires a team of several people.