Zero-day exploits are often bought and sold on illegal forums and darknet marketplaces. Zimperium, a company active in the security sector, has announced its plans to start buying zero-day exploits moving forward. Since most of these exploits are fixed rather quickly the value of such a tool diminishes over time. Zimperium is interesting in Android and iOS exploits specifically, which is quite an intriguing development.
Although hackers and other criminals usually have no shortage of exploit buyers, they are faced with a few dilemmas while doing so. Even the “hottest” exploit can be patched in a matter of mere hours, rendering this information worthless rather quickly. If that is the case, no one will pay any money for these exploits, even though some of them might be worth millions of dollars when sold at the most opportune time.
Among the buyers of zero-day exploits are other hackers, enterprises, and in some cases, even governments. Especially when this exploit in question pertains to Android and iOS, as both popular mobile operating systems are prime targets for hackers of all walks of life. Once a criminal sells their exploit, there is always the risk of getting caught, regardless of which payment method is accepted.
To make matters even more difficult, very few exploit buyers will pay the full price asked, simply because the vendor may issue a fix before the security hole can be taken advantage of. Especially in the mobile space, these loopholes are often secured within 24 hours of engineers being made aware of this situation. Selling exploits that may no longer work earns hackers far less money, yet Zimperium has come up with an intriguing plan.
The company specializes in mobile device security, as well as promoting the patching of vulnerable mobile devices. In their quest to keep pushing this agenda, they are now willing to buy new and outdated zero-day exploits at a fair price. All N-days exploits affecting both Android and iOS are more than welcome, as long as they are not targeting the latest version of either mobile operating system.
Once the group purchases an exploit, they will forward the information to the members of their Handset Alliance. Among these companies are large enterprises such as Samsung and Blackberry. It is of the utmost importance these entities are notified about these n-day exploits, as they are the ones responsible for addressing any lingering vulnerabilities before damage can be done.
As one would expect, Zimperium is quite flexible when it comes to paying for these exploits. They are willing to pay through wire transfers, PayPal, and even Bitcoin, depending on what the hacker prefers. All things considered, this is quite an intriguing development that will hopefully improve the security of mobile handsets all over the world.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.