Mobile messaging apps are the best way to communicate with friends and family around the world. We tend to have casual conversations, intense discussions and even share personal things such as photographs using internet-connected apps like WhatsApp, iMessage, Signal and alike.
All these popular messaging platforms guarantee privacy and security against malicious hackers trying to penetrate the firewall. But a Washington DC based firm is now giving adequate motivation to anyone with the capabilities to hack into secure messaging apps like WhatsApp and Signal.
Zerodium, the company launched in 2015, is now offering $500,000 for executing fully functional attacks that would work against apps like Signal, WhatsApp, iMessage, Viber, WeChat, and Telegram. The company is also willing to pay the same about for exploits against default mobile e-mail apps.
In short, the company is paying top dollar to get a peek into your private conversations without your knowledge. Here's how the process works:
But that's not surprising coming from Zerodium, as it openly states its motives.
"ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices," the company explains on its website. "While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and [proof of concepts] but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market."
What it does with those "high-risk vulnerabilities with fully functional exploits" is largely unknown. In a more concerning matter, the company's customer base includes "major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities."
Zerodium doesn't reveal its list of customers, so it is hard to understand how and why the startup is handing out such generous payouts for zero-day vulnerabilities. In fact, the company's payout list reveals that zero days against Signal and WhatsApp are towards the top, making them highly important.
As panicking as the revelation is, you can be rest assured that your messaging apps are more than secure. Clearly, a company is willing to pay hundreds and thousands of dollars just to penetrate the strong firewall built by its makers. But the concern is they won't simply spend all that money to read your messages unless they are of greater value.
Besides this reward, Zerodium also offers up to $1.5 million for remotely Jailbreaking an iPhone, and smaller rewards like bypassing iPhone's passcode and Touch ID for up to $15,000.