Zero Day HackA recent report by Google’s Threat Analysis Group revealed 97 zero-day vulnerabilities exploited in-the-wild.
Now, startups are reportedly willing to play millions of dollars to hackers to crack these zero-day vulnerabilities.
What are zero-day vulnerabilities?
Story continues below Advertisement Remove AdZero-day exploits or vulnerabilities are surprise attacks targeting unknown software flaws.
According to Google, CSVs — or Commercial Surveillance Vendors — were behind 75 percent of known zero-day exploits targeting Google products as well as Android ecosystem devices in 2023.
Zero Day Hack
A recent report by Google’s Threat Analysis Group revealed 97 zero-day vulnerabilities exploited in-the-wild. This number was 50 per cent more than 2022. Now, startups are reportedly willing to play millions of dollars to hackers to crack these zero-day vulnerabilities.
What are zero-day vulnerabilities?
Story continues below Advertisement Remove Ad
Zero-day exploits or vulnerabilities are surprise attacks targeting unknown software flaws. Like a "day zero" on a calendar, vendors — like Google, Apple, Microsoft, Meta — have no time to fix these vulnerabilities before hackers exploit them. This makes them dangerous and difficult to defend against.
According to a report by Techcrunch, Crowdfense, a startup is offering up to $30 million to hackers who can discover previously unknown vulnerabilities in popular devices and apps. As per the new rates published on Crowdfense’s website, the startup is offering the highest rewards for iPhone exploits, at up to $7 million, with Android exploits reaching $5 million. For those who can crack Chrome or Safari, the bounty is up to $3.5 million, while WhatsApp and iMessage vulnerabilities can fetch hackers between $3 and $5 million.
The report suggests that the Crowdfense and other such companies then sell the exploits to other organisations, including government agencies. Across the world, governments’ security agencies often need hacking tools to track criminals or bad actors.
According to Google, CSVs — or Commercial Surveillance Vendors — were behind 75 percent of known zero-day exploits targeting Google products as well as Android ecosystem devices in 2023. Of the 37 zero-day vulnerabilities in browsers and mobile devices exploited in 2023, Google attributed over 60 percent to CSVs that sell spyware capabilities to government customers.
On the part of tech companies, they have strengthened their mechanisms to fight zero-days. According to Maddie Stone, Google Threat Analysis Group, end user platform vendors, such as Apple, Google and Microsoft, have made notable investments that are having a clear impact on the types — and number — of zero-days that actors are able to exploit. “Vulnerabilities that were commonplace in years past are virtually non-existent today,” she said in a blog post.
Also read: Microsoft warns how China may 'impact' elections in US, India with AI
