WhatsApp exploits commanding multi-million prices
Security advances have made hacking an expensive endeavour.
Zero-day exploits targeting WhatsApp have become a hot commodity in the world of hacking, commanding multi-million-dollar price tags, according to leaked documents seen by TechCrunch.
The surge in the value of these hacking techniques is down to to advancements in security measures and mitigations, making the act of hacking both iOS and Android smartphones an expensive endeavour.
Recent reports indicate that a Russian firm specialising in the acquisition of zero-day vulnerabilities (flaws in software unknown to the developer) has offered a $20 million bounty for chains of bugs capable of remotely compromising iOS and Android devices.
This lucrative offer is primarily due to the scarcity of researchers willing to work with Russian entities amid the ongoing Ukraine crisis. Russian private and government organisations are willing to pay a premium for such exploits under these unique circumstances.
However, the trend isn't confined to Russia alone; the global market for these vulnerabilities has also seen a significant increase in prices. Leaked documents uncovered by TechCrunch revealed that, as of 2021, a zero-day exploit enabling a hacker to compromise a target's WhatsApp on an Android device and access message content can fetch prices from $1.7 million to $8 million.
WhatsApp has long been a prime target for government-backed hackers, especially those groups inclined to utilise zero-day vulnerabilities.
In 2019, researchers exposed instances of controversial spyware developer NSO Group deploying a zero-day exploit to target WhatsApp users. In response, WhatsApp filed a lawsuit against the Israeli surveillance tech vendor, alleging abuse of its platform for the exploitation of more than a thousand WhatsApp users.
The value of targeting WhatsApp
Targeting WhatsApp specifically holds value, as many people use it as a secure communication channel, including government officials in many countries.
Hackers, often affiliated with intelligence or law enforcement agencies, may solely seek access to a target's WhatsApp conversations without compromising the entire device. However, exploits limited to WhatsApp can also serve as components in a chain of attacks aimed at further compromising the target's device.