Million-Dollar WhatsApp Hacks: The Booming Market for Zero-Day Exploits

/in


The Soaring Cost of Hacking WhatsApp: Inside the Million-Dollar Zero-Day Market

The Soaring Cost of Hacking WhatsApp: Inside the Million-Dollar Zero-Day Market

KEY HIGHLIGHTS

  • A Russian firm recently offered $20 million for zero-day exploits capable of compromising iOS and Android devices.
  • Globally, the cost of a WhatsApp-specific zero-day exploit can range from $1.7 to $8 million.
  • The coveted “Zero Click RCE” exploit provides extensive surveillance capabilities and costs around $1.7 million.

Welcome to the clandestine world of zero-day exploits, where the right vulnerability can fetch you millions. Due to enhanced security mechanisms in both iOS and Android devices, hacking has become an expensive venture, and nowhere is this more evident than with WhatsApp.

Russia’s Premium Play: $20 Million for the Ultimate Hack

Last week, a Russian firm shook the cybersecurity community by offering a whopping $20 million for chains of bugs that could compromise iOS and Android phones. The exorbitant price tag is a result of a couple of factors:

  1. Geopolitical Climate: The ongoing invasion of Ukraine has isolated Russia, making it difficult for them to find willing researchers.
  2. Desperation: Russian government bodies are apparently willing to pay a premium under the current circumstances.

Global Sticker Shock: WhatsApp Exploits Get Pricey

The allure of hacking WhatsApp is not confined to Russia. Leaked documents reveal that in 2021, an Android-targeting zero-day exploit for WhatsApp was priced between $1.7 and $8 million. The factors for this price hike include:

  1. Rarity of Skill: Advanced security measures mean fewer experts capable of finding these vulnerabilities.
  2. High Demand: Government hackers frequently target WhatsApp, driving up market demand.

The Allure of “Zero Click RCE”

A specific type of exploit called “Zero Click RCE” (Remote Code Execution) is available for around $1.7 million. What makes it so attractive?

  • Stealth: No interaction from the target is required, making it incredibly difficult to detect.
  • Power: The exploit allows for extensive surveillance capabilities, including the ability to read and exfiltrate messages.

Unpatched and Unprotected?

In 2020 and 2021, WhatsApp patched several vulnerabilities related to image processing. However, it’s still unclear whether these…

Source…