A new startup, based in the United Arab Emirates, promises to give $3 million to anyone who can successfully hack iOS devices.
The Crowdfense startup is looking for zero-day exploits, meaning hacking tools that exploit vulnerabilities unknown to the system's creators. In addition to iOS, the company is seeking zero-day exploits for Windows, macOS, and Android.
The startup aims to buy these exploits from independent researchers and sell them on to law enforcement and intelligence agencies. However, it is apparently being highly selective with purchasers and will not sell to oppressive governments. (Of course, your measure of "oppressive" may vary!)
An interview with Motherboard quotes Crowdfense director Andrea Zapparoli as saying that:
“When I think about government agencies I don’t think about the military part, I think about the civilian part, that works against crime, terrorism, and stuff like that. We only focus on tools aimed at doing activities of law enforcement or intelligence, not aimed at destroying or deteriorating the functionality and effectiveness of the target systems — but only aimed at collecting intelligence.”
In total, the company has a $10 million budget for its “bug bounty.” It declines to reveal exactly who has invested in the company.
Crowdfense is far from the only company offering big bucks for zero-day exploits. Other startups like Zerodium offer seven-figure fees as well.
Apple has gotten in on the game, too — although it’s more interested in plugging holes so that government can’t jailbreak devices. In 2016, Apple announced its own bug bounty program which offers up to $200,000 to security researchers who find vulnerabilities on the company’s various software platforms.
The FBI has previously said it wants help in unlocking the thousands of smartphones and tablets involved in criminal cases each year. When Apple CEO Tim Cook adamantly refused, it led to a standoff with the Feds.