Zerodium Offering $200k For Successful Android Attacks

American information security company Zerodium announced that it is doubling its bounty for successful methods of attacking a fully patched version of Android 7.0 Nougat, after having failed for some time to gather new information on additional vulnerabilities in Google’s open source operating system. The Washington-based company isn’t interested in situational exploits; it is specifically looking for a chain of exploits that would allow potential hackers to gain full control of a targeted Android Nougat-powered smartphone or tablet. Such a sequence of exploits is more commonly known as a “weaponized exploit”. For comparison, Google’s requirements for collecting a bounty for detecting vulnerabilities in Android are much looser, and white hat (i.e. non-malevolent) hackers can collect one even by simply pointing out theoretical vulnerabilities in the OS. That is also why Google pays significantly less for this type of achievement: the Mountain View tech giant offers up to $38,000 for a single bounty.

So why is Zerodium so interested in Android exploits that it’s willing to pay over five times what Google does? Primarily because the company makes a much bigger profit by selling them to the US government, which is always interested in new ways to spy on suspected and confirmed criminals and enemies. Not surprisingly, this so-called “bug brokering” is mostly frowned upon in Silicon Valley, but companies such as Zerodium claim that everything they’re doing is perfectly legal and criticize developers for not being willing to outbid them, arguing that this proves the likes of Google and Apple don’t care enough about the security of their own operating systems. Bug brokers’ activities may be seen as controversial, but the fact that they exist is simply an inevitable byproduct of Silicon Valley’s stance on encryption and user privacy in general.

Chaouki Bekrar, the founder of Zerodium, recently stated that this bounty increase is directly connected to the significantly higher security featured in the latest iteration of Android. The Washington-based company is currently also offering a $1.5 million bounty for iOS 10 exploits; Bekrar explained the price difference as a mixture of the increased difficulty of finding iOS 10 exploits and a higher demand for them in comparison to their Android 7 counterparts.