Apple over the past few years has made tremendous strides in beefing up security on the iPhone. In turn, unearthing iPhone-based exploits has become an incredibly lucrative business. Speaking to the steep price some firms are willing to pay for specialized exploits, you might recall that a firm called Zerodium back in 2015  paid out $1 million to a secret group of hackers who figured out a way to remotely jailbreak an iPhone.

Three years later, the stakes involving iPhone exploits are higher than they’ve ever been before. Speaking to this, a new report from Vice relays that a new Dubai-based startup called Crowdfense is offering upwards of $3 million to anyone who can come up with a zero-day exploit that skirts around the iPhone’s built-in security measures. What’s more, Crowdfense boasts that it has an overall budget of $10 million and is also offering up rewards for zero-day exploits targeting Android devices, MacOS machines and Windows machines.

“We work only with the best vulnerability researchers, focusing on very select capabilities with a highly structured and scientific approach,” Crowdfense director Andrea Zapparoli Manzoni said in a press release.

The company’s website adds:

Crowdfense budget for its first public Bug Bounty Program, launched April 2018, is $10 million USD.

Payouts for full-chain, previously unreported, exclusive capabilities range from $500,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.

While bug bounty programs for mobile exploits are nothing new, the amount of money to be made here certainly makes Crowdfense’s initiative stand out. Additionally, such programs aren’t typically announced to the public via press release.

Crowdfense touts itself  as a research company dedicated to unearthing vulnerabilities that can later be used by a “selected group of global institutional customers.” Further, the company told Vice that it plans to sell any exploits it receives to law enforcement and intelligence agencies.

Comments