The dark side of bug bounties

Mihir :-)

Thread author
Even as the FBI was looking for ways to bypass Apple’s security features to unlock an iPhone, a little known company was offering “to pay the highest rewards” for ways to exploit vulnerabilities in popular programs and had recently paid $1 million for a way to hack Apple’s latest iPhone operating system.

The company, Zerodium, was founded by French hacker Chaouki Bekrar, who first became prominent in security circles by winning hacking contests like Pwn2Own, to buy and sell previously unknown security bugs. These vulnerabilities are called zero-days because they’ve been publicly reported for “zero” days.

Bekrar says that Zerodium sells these vulnerabilities and “protective measures” to customers who use them “to stop attacks before they are exploited in the wild.” He adds that “some other customers use the research to conduct cybermissions and protect lives.”

Variants of so-called bug bounty programs are fast becoming a mainstream defensive security technique, and now include not only organizations that pay hackers who report vulnerabilities, but also vulnerability disclosure programs, which neither penalize nor reward researchers for their discoveries. Over the past year, they’ve spread rapidly beyond Silicon Valley and are now offered by the likes of General Motors and the Pentagon.

Read More: The dark side of bug bounties