New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

  /     /     /  
Publicated : 23/11/2024   Category : security


New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days


Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in todays geopolitical climate.



Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from a relatively new entrant. 
Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium.
Cybersecurity experts say that this particular bidding war indicates the Russian governments desperation to gain surveillance capabilities over Ukrainians utilizing Signal to communicate. But the price movement on this front also offers a microcosmic look into the broader reliance of gray-market customers (most typically governments) on intermediary brokers.
Perhaps one of the most public and prolific players in the market is Zerodium, an American firm with an obscured customer list of government institutions mainly from Europe and North America, according to the companys FAQ. 
The firm offers
as much as $2 million
for iOS flaws and presents many public offers for exploits in a range of operating systems and applications. The company has had a standing offer
since 2017
of up to $500,000 for exploits of Signal and other social messaging apps, including Facebook Messenger, WhatsApp, and Telegram.
The entrance of OpZero into this mix with an offer of three times that amount, which has experts such as security researcher The Grugq postulating that the company is a stand-in for Russian intelligence services that are desperate for Android and Signal exploits.
Android has an almost 80% market share in Ukraine, and Signal has over 2 million daily active users, The Grugq
recently wrote
. Android phones with Signal are robust security platforms. They’re not military equipment, but they’re perfectly capable of providing protection against a wide range of security threats. Including nation state level threat actors. Russia appears to be lacking an Android or Signal capability.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days