0-day exploits for popular apps have risen in price by millions of dollars. What is the reason?

CarderPlanet

Who is willing to pay $8 million for your WhatsApp messages?

According to recent research, the cost of zero-day exploits for popular instant messengers today is measured in millions of dollars. One of the main reasons is the evolution of security mechanisms in mobile operating systems.

The researchers managed to analyze leaked documents containing statistics from the past few years. It turned out that in 2021, for example, someone was willing to pay up to $8 million for exploits for 0-day vulnerabilities in WhatsApp in order to get remote access to the target's correspondence.

One of the companies offered a Zero-Click exploit for the remote code execution (RCE) vulnerability at a relatively affordable price of approximately $1.7 million.

This RCE worked on Android versions 9-11 (released in 2020) and was associated with a bug in the "image rendering library" tool.

In 2020 and 2021, WhatsApp fixed three vulnerabilities in image processing engines — CVE-2020-1890, CVE-2020-1910 and CVE-2021-24041. However, it is unclear whether exploits for other defects are still available.

The market for cyber espionage tools is constantly expanding. Moreover, not only 0-day exploit brokers are interested in accessing the new loopholes, but also intelligence agents along with law enforcement agencies. Sometimes a single exploit is enough for surveillance, but in some cases hackers use a whole set of vulnerabilities to break into the system.

For example, in September, three 0-day vulnerabilities were discovered that attackers had used to install Cytrox Predator spyware on Apple devices. Many other similar bugs in iOS were used to spy on opposition figures and journalists.
 