Zero-Day Startup Offers $20 Million for Smartphone Hacks

New Startup Offers Substantial Rewards for Smartphone Hacking Tools

A recently established startup, based in the United Arab Emirates, is presenting offers of up to $20 million for hacking tools. These tools are designed to enable governments to gain access to any smartphone via text message.

High Bounties in the Zero-Day Market

Advanced Security Solutions, launched this month, is now providing some of the most significant publicly advertised prices within the zero-day market. Zero-days represent vulnerabilities in software that are unknown to the developers when initially discovered.

These tools hold considerable value, particularly for individuals working in law enforcement and intelligence capacities.

Bounty Amounts for Various Software

Beyond the top bounty of $20 million – applicable to any mobile operating system – the company is also offering rewards for exploits targeting different software platforms.

$15 million for zero-days affecting Android devices and iPhones.
$10 million for Windows.
$5 million for Chrome.
$1 million for Apple’s Safari and Microsoft Edge browsers, among others.

Company Transparency and Clientele

The identity of those behind the company, and its client base, remains unclear at this time.

“We empower government agencies, intelligence services, and law enforcement to operate with precision in the digital battlefield,” states the company’s official website.

The company reports ongoing collaboration with over 25 governments and intelligence agencies globally. Clients demonstrate consistent loyalty, indicating the trust and strategic value provided in critical operational scenarios, including counterterrorism and narcotics control.

Experienced Personnel

The website emphasizes that, despite being a new entity, the company is staffed entirely by professionals possessing over 20 years of experience in elite intelligence units and private military contracting.

Advanced Security Solutions has not yet responded to inquiries regarding its funding, ownership, operational leadership, customer base, or any self-imposed ethical or legal limitations on government sales.

Industry Perspective on Pricing

A security researcher familiar with the zero-day landscape informed TechCrunch that the prices offered by Advanced Security Solutions are generally consistent with current market rates.

“These advertised prices are typically within the expected range,” the source stated to TechCrunch, requesting anonymity to discuss the zero-day industry openly.

The researcher added that the $20 million bounty, while substantial, could be considered low depending on the ethical considerations of the individual.

Concerns Regarding Anonymity

The researcher also expressed personal reservations about engaging with a company that does not disclose its ownership. “I believe it’s prudent to avoid selling vulnerabilities to entities that conceal their identities,” they commented.

Growth of the Zero-Day Market

The market for zero-days has experienced significant expansion over the past decade, both in terms of the number of participating companies and the prices offered.

In 2015, Zerodium, a broker similar to Advanced Security Solutions, was among the first to publicly release its price list. It offered up to $1 million for tools to compromise iPhones.

Three years later, Crowdfense emerged, offering $3 million for the same type of zero-days.

Escalating Prices Reflect Increased Demand and Difficulty

More recently, zero-day prices have risen sharply, driven by increased demand and the growing complexity of hacking modern devices and software due to enhanced security measures implemented by major technology companies.

Last year, Crowdfense updated its price list, offering up to $7 million for zero-days targeting iPhones and $5 million for similar exploits on Android.

Customers can also purchase zero-days for specific applications, such as WhatsApp (up to $8 million) and Telegram (up to $4 million).

Advanced Security Solutions currently offers $2 million for zero-days affecting Telegram, Signal, and WhatsApp.

Competition and Geographic Restrictions

Operation Zero, a Russian zero-day company, has offered up to $20 million for comparable exploits. However, its exclusive focus on the Russian government and potential legal restrictions for researchers in the U.S. and Europe may limit its ability to acquire the desired tools.

We’re always looking to evolve, and by providing some insight into your perspective and feedback into TechCrunch and our coverage and events, you can help us! Fill out this survey to let us know how we’re doing and get the chance to win a prize in return!