Here’s the value of zero-day hacks for iPhone, iMessage, and more.

Considering a career change? The price of zero-day hacking tools continues to rise. With a new price list published this week, tech crunchStartup Cloudfence has announced it will pay between $5 million and $7 million for a zero-day intrusion into the iPhone.

How much are iPhone exploits worth?

As explained in tech crunchthese exploits are called “zero-days” because they “rely on unpatched vulnerabilities in the software that are unknown to the software manufacturer.”

Companies such as Cloudfence and one of its competitors, Zerodium, claim that they acquire these zero-days for the purpose of reselling them to other organizations, typically government agencies or government contractors. They say they need hacking tools to track and spy on criminals.

According to the new price list, Cloudfence said it will pay between $5 million and $7 million for an iPhone zero-day and up to $5 million for an Android zero-day.

• Google Chrome zero-day: up to $3 million
• Safari zero-day: up to $3.5 million
• iMessage zero-day: between $3 million and $5 million
• WhatsApp zero-day: between $3 million and $5 million

These numbers are all increases compared to Cloudfence’s last price announced in 2019. In that report, the company was offering $3 million for both Android and iPhone zero-days. tech crunch It explains this as a byproduct of companies including Apple and Google improving the security of their platforms and speeding up patching of vulnerabilities as they arise.

Cloudfence’s payment is now the “highest publicly known amount” outside Russia. tech crunch say:

Cloudfence currently offers the highest publicly known price outside Russia, but a company called Operation Zero last year was willing to pay up to $20 million for tools to hack iPhones and Android devices. announced. But the Ukraine war and ensuing sanctions could push prices higher in Russia and deter people from doing business with Russian companies, or prevent them altogether.

Apple offers its own Apple Security Research Bounty program, through which security researchers can earn up to $2 million.

The full report can be found at tech crunch provides an interesting perspective on the wider world of zero-day exploit payments and bounty programs.

follow chance: thread, twitterInstagram, and Mastodon.