Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

How to Make BIG Money Selling Your Zero Day Exploit

August 29, 2017

Hat tip to Dave Ries. I had never heard of Zerodium, which describes itself as the premium acquisition program for zero-day exploits and advanced cybersecurity research.

Zerodium made the news on August 23rd when it published a new price list for mobile exploits and increased prices for server and desktop zero-day exploits.

The pricing ranges from $5,000 to $1,500,000 – and yes, you read that last number correctly. So what kind of exploits are worth so much? Here are a couple of examples:

$1,500,000 – Apple iOS Remote Jailbreak + Persistence (Zero Click). Must be remote and without any user interaction.

$1,000,000 – Apple iOS Remote Jailbreak + Persistence with user interaction, e.g., clicking a link or opening a file.

Zerodium's site says it "pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market."

On its FAQ page, Zerodium describes its customers as "major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities." As I read the part about the government, I did find myself thoughtfully murmuring "hmmmm."
