Click to Skip Ad
Closing in...

Mysterious start-up offers upwards of $3 million for zero-day iPhone and Android exploits

Published Apr 26th, 2018 11:34PM EDT
iPhone Security
Image: Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple over the past few years has made tremendous strides in beefing up security on the iPhone. In turn, unearthing iPhone-based exploits has become an incredibly lucrative business. Speaking to the steep price some firms are willing to pay for specialized exploits, you might recall that a firm called Zerodium back in 2015  paid out $1 million to a secret group of hackers who figured out a way to remotely jailbreak an iPhone.

Three years later, the stakes involving iPhone exploits are higher than they’ve ever been before. Speaking to this, a new report from Vice relays that a new Dubai-based startup called Crowdfense is offering upwards of $3 million to anyone who can come up with a zero-day exploit that skirts around the iPhone’s built-in security measures. What’s more, Crowdfense boasts that it has an overall budget of $10 million and is also offering up rewards for zero-day exploits targeting Android devices, MacOS machines and Windows machines.

“We work only with the best vulnerability researchers, focusing on very select capabilities with a highly structured and scientific approach,” Crowdfense director Andrea Zapparoli Manzoni said in a press release.

The company’s website adds:

Crowdfense budget for its first public Bug Bounty Program, launched April 2018, is $10 million USD.

Payouts for full-chain, previously unreported, exclusive capabilities range from $500,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.

While bug bounty programs for mobile exploits are nothing new, the amount of money to be made here certainly makes Crowdfense’s initiative stand out. Additionally, such programs aren’t typically announced to the public via press release.

Crowdfense touts itself  as a research company dedicated to unearthing vulnerabilities that can later be used by a “selected group of global institutional customers.” Further, the company told Vice that it plans to sell any exploits it receives to law enforcement and intelligence agencies.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.

More Tech