Zerodium, a controversial broker of security exploits, has doubled to $200,000 its bug bounty for Google's Android 7 operating system and tripled to $1.5 million the amount paid for discovering security flaws in Apple iOS 10 installed on fully patched iPhones and iPads.
According to Ars Technica, after buying the working exploits, Zerodium sells them to government entities, as well as major finance, technology and defense corporations. Governmental agencies use these security flaws in order to spy on suspected enemies, terrorists, criminals and other targets.
Last year, Zerodium offered $1 million for iOS exploits, up to a total of $3 million. But after receiving and paying for three qualifying submissions, the company dropped the price to $500,000. Zerodium founder Chaouki Bekrar said on Thursday, Sept. 29, that the higher prices the company is now offering are a response to improvements software makers such as Google and Apple have introduced in their operating systems. The new patches make iOS and Android much harder to compromise.
According to MacRumors, by increasing the reward for both iOS 10 and Android 7, Zerodium aims to attract more researchers all year long. Previously, its reward programs were limited to a specific bounty period. Zerodium's decision to raise its bug bounty can also be seen as a response to the upcoming launch of Apple's own program.
Last month, at the annual Black Hat Conference, Apple announced the imminent launch of an invite-only Security Bounty Program offering rewards of up to $200,000 to researchers. The rewards would depend on the vulnerability discovered, and the program would be limited to a few dozen researchers.
Several news media outlets, including Forbes, reported earlier this week that prominent hackers would allegedly meet in secret at Apple's campus in Cupertino for a briefing on the company's bug bounty program. However, the outlets later discovered that they had been duped and that the meeting was just a hoax perpetrated by the hackers.