A new startup is offering up to $3 million dollars for tools to hack into Android and iOS devices, the highest public price offered for such tools.
The startup is called Crowdfense and is based in the United Arab Emirates. In an unusual move in the normally secretive industry of so-called zero-days, Crowdfense sent out a press release to reporters on Tuesday, advertising what it calls a bug bounty.
"Zero-days" or zero-day exploits are hacking tools that leverage bugs or vulnerabilities in computer systems that are unknown to the system's developers. Over the years, improvements in the security of popular computers and cellphones have created a secretive and controversial industry dedicated to providing these tools to government agencies that need help hacking targets.
Crowdfense's director Andrea Zapparoli Manzoni told me that he and his company are trying to join that market, purchasing zero-days from independent researchers and then selling them to law enforcement and intelligence agencies.
"When I think about government agencies I don't think about the military part, I think about the civilian part, that works against crime, terrorism, and stuff like that," Zapparoli told me in a phone interview. "We only focus on tools aimed at doing activities of law enforcement or intelligence, not aimed at destroying or deteriorating the functionality and effectiveness of the target systems—but only aimed at collecting intelligence."
The company is only looking for zero-day exploits for Windows, MacOS, iOS, and Android. It's not interested in exploits for Internet of Things devices, critical infrastructure, telecom companies, or popular sites such as Facebook, according to Zapparoli.
A graphic of the exploits Crowdfense is looking for, and the respective payouts. (Image: Crowdfense)