Startup Offers $20M for Universal Smartphone Hacking Tools
▼ Summary
– A UAE-based startup called Advanced Security Solutions is offering up to $20 million for zero-day exploits that can hack smartphones via text message.
– The company claims to work with over 25 governments and intelligence agencies for purposes like counterterrorism and narcotics control.
– Advanced Security Solutions’ ownership and funding remain undisclosed, and it did not respond to questions about ethical or legal restrictions on sales.
– A security researcher warned against dealing with anonymous companies and noted that the $20 million bounty is low for those without scruples.
– Zero-day exploit prices have skyrocketed due to increased demand and improved security, with other firms like Crowdfense and Operation Zero also offering multi-million dollar bounties.
A new startup based in the United Arab Emirates is making waves in the cybersecurity world by offering up to $20 million for universal smartphone hacking tools that could enable government entities to infiltrate devices using a simple text message. This unprecedented bounty signals a major escalation in the growing market for digital espionage resources.
Advanced Security Solutions, which launched earlier this month, is positioning itself as a major player in the zero-day exploit industry. Zero-day vulnerabilities refer to software flaws unknown to developers at the time they are discovered, making them exceptionally valuable to intelligence and law enforcement agencies seeking covert access to devices.
The company’s pricing structure is among the most aggressive publicly disclosed to date. In addition to the headline $20 million offer for exploits affecting any mobile operating system, bounties include $15 million for Android or iOS vulnerabilities, $10 million for Windows, $5 million for Chrome, and $1 million for browsers like Safari and Microsoft Edge.
Little is known about the ownership, funding, or clientele of Advanced Security Solutions. The firm’s website claims it collaborates with more than 25 governments and intelligence agencies, providing “strategic value” in areas like counterterrorism and narcotics control. It also states that its team consists of professionals with over two decades of experience in elite intelligence and private military sectors.
Despite repeated inquiries, the company has not disclosed any information regarding its leadership, ethical guidelines, or legal restrictions on sales. This lack of transparency raises significant concerns within the security research community.
An experienced zero-day researcher, speaking anonymously, noted that while the bounty amounts are roughly aligned with current market rates, the $20 million figure could be considered low depending on the buyer’s intentions. The source also expressed caution about engaging with an entity that conceals its identity, advising researchers to avoid selling exploits to anonymous buyers.
The market for zero-day exploits has expanded dramatically over the past decade, both in the number of brokers and the sums involved. In 2015, Zerodium made headlines by offering $1 million for iPhone exploits. By 2018, Crowdfense raised the stakes to $3 million. More recently, improved security measures by tech giants have made hacking more difficult, driving prices even higher.
Last year, Crowdfense updated its price list to offer $7 million for iOS zero-days and $5 million for Android. Messaging apps like WhatsApp and Telegram also command high values, with bounties reaching $8 million and $4 million respectively. Advanced Security Solutions is offering $2 million for exploits targeting Telegram, Signal, and WhatsApp.
One notable competitor, Russia’s Operation Zero, has also advertised bounties as high as $20 million for similar exploits. However, its exclusive partnership with the Russian government limits its pool of potential sellers, particularly from Western countries where such transactions are illegal.
(Source: TechCrunch)