cross-posted from [email protected]
- Operation Zero, a Russian company, has increased its bounty for zero-day exploits on iPhones and Android devices from $200,000 to $20 million.
- The company sells these exploits exclusively to Russian private and government organizations, specifying that the end user is a non-NATO country.
- The high bounties may be temporary and are a reflection of market demand and the difficulty of hacking iOS and Android platforms.
- Unlike traditional bug bounty platforms, Operation Zero sells vulnerabilities to governments without alerting the affected vendors.
- The zero-day market is largely unregulated, but affected by geopolitics, such as new regulations in China that aim to corner the market for intelligence purposes.
But a wrench doesn’t give plausible deniability …