Considering a career change? The prices of zero-day hacking tools continue to rise. In a new pricing list , spotted by , startup Crowdfense said that it will pay between $5 and $7 million for zero-days to break into iPhones. How much are
iPhone exploits worth? As explained by , these exploits are referred to as “zero-days” because they “rely on unpatched vulnerabilities in software that are unknown to the makers of that software.” Companies like Crowdfense and one of its competitors Zerodium claim to acquire these zero-days with the goal of re-selling them to other organizations, usually government agencies or government contractors, which claim they need the hacking tools to track or spy on criminals. According to its new pricing list, Crowdfense said that it will pay between $5 and $7 million for iPhone zero-days, and up to $5 million for
Android zero-days. These numbers have all increased compared to Crowdfense’s last round of prices, published in 2019. In that report, the company was offering $3 million for both Android and iPhone zero-days. explains that this is a byproduct of companies including
Apple and
Google improving platform security and becoming quicker at patching vulnerabilities that do arise. Crowdfense’s payouts are now the “highest publicly known prices” outside of
Russia, says: Crowdfense currently offers the highest publicly known prices to date outside of Russia, where a company called Operation Zero announced last year that it was willing to pay up to $20 million for tools to
Hack iPhones and Android devices. The prices in Russia, however, may be inflated because of the war in
Ukraine and the subsequent
sanctions, which could discourage or outright prevent people from dealing with a
Russian company. Apple offers its own , through which security researchers can earn a maximum of $2 million. The offers an interesting look at the broader world of zero-day exploit payouts and bounty programs. : , , , and .