The value of zero-day exploits is rapidly increasing as companies work to strengthen their products against hackers. One startup, Crowdfense, recently released an updated price list for tools that can break into iPhones, Android devices, popular browsers like Chrome and Safari, and chat applications like WhatsApp and iMessage. These exploits rely on unknown vulnerabilities in software, making them highly sought after and valuable – with Crowdfense offering a whopping $5 to $7 million for iPhone zero-days and up to $5 million for Android zero-days.
Crowdfense and its competitor Zerodium claim to acquire these zero-days in order to sell them to government agencies or contractors who often use them for tracking or surveillance purposes. And with companies like Apple, Google, and Microsoft constantly improving their security measures, the price for these hacking tools has skyrocketed.
“The job of exploiting vulnerabilities is getting harder year over year,” said Dustin Childs of Trend Micro ZDI, a company that pays researchers for the zero-days they find and reports them to the affected companies for fixing.
In a recent report, Google revealed that it has seen an increase in the use of zero-days in the wild, with 97 being used in 2023 alone. Many of these zero-days were used by spyware vendors who work with companies like Crowdfense and Zerodium to acquire the exploits. However, with the increasing difficulty of finding and exploiting these vulnerabilities, the cost for these tools has gone up.
In fact, Crowdfense CEO Paolo Stagno stated that it now takes a team of researchers to develop a zero-day exploit, as opposed to just one person a few years ago. This additional effort and complexity have resulted in the price boost seen in Crowdfense’s updated price list.
While Crowdfense currently offers some of the highest publicly known prices for zero-days, it’s possible that even higher prices are being paid behind closed doors. Cases have been reported where governments have used zero-days for law enforcement purposes, and there have been allegations of abuse in countries with poor human rights records. As a result, companies like Crowdfense and Zerodium have been criticized for providing these powerful tools to unsavory governments.
However, Crowdfense states that they follow all embargoes and sanctions imposed by the United States and will not sell to countries on the U.S. sanctions list. They also have a code of business ethics in place to avoid doing business with entities known for human rights abuses.
As the security landscape continues to evolve and companies work to protect their products, the price for zero-day exploits is likely to continue rising. And while some may argue that these powerful tools should not be sold to governments, it’s clear that the demand for them is only increasing.
If you have information on zero-day brokers or spyware providers, you can contact TechCrunch securely through several channels such as Signal, Telegram, or email.