Mihir :-)
Thread author
Even as the FBI was looking for ways to bypass Apple’s security features to unlock an iPhone, a little-known company was offering “to pay the highest rewards” for ways to exploit vulnerabilities in popular programs and had recently paid $1 million for a way to hack Apple’s latest iPhone operating system.
The company, Zerodium, was founded by French hacker Chaouki Bekrar, who first became prominent in security circles by winning hacking contests like Pwn2Own, to buy and sell previously unknown security bugs. These vulnerabilities are called zero-days because they’ve been publicly reported for “zero” days.
Bekrar says that Zerodium sells these vulnerabilities and “protective measures” to customers who use them “to stop attacks before they are exploited in the wild.” He adds that “some other customers use the research to conduct cybermissions and protect lives.”
Variants of so-called bug bounty programs are fast becoming a mainstream defensive security technique, and now include not only organizations that pay hackers who report vulnerabilities, but also vulnerability disclosure programs, which neither penalize nor reward researchers for their discoveries. Over the past year, they’ve spread rapidly beyond Silicon Valley and are now offered by the likes of General Motors and the Pentagon.