Zero-Days for Hacking WhatsApp Are Now Worth Millions of Dollars

Securing the devices running iOS and Android operating systems is now costly due to improved defenses. 

According to a recent report by TechCrunch, there has been a surge in the demand for zero-day exploits that can be used to hack into popular instant messaging apps like WhatsApp.

These exploits are now being sold for millions of dollars, highlighting the growing threat of cyber attacks on communication platforms that are widely used by millions of people across the globe.

It is important for users to be vigilant and take necessary precautions to secure their personal and sensitive information while using these apps.

Recently, a Russian firm sought to purchase undisclosed software vulnerabilities for $20 million, exclusively for Russian government and private sector use, enabling remote access to iOS and Android phones.

The high price reflects limited researchers willing to cooperate due to the Ukraine situation, with Russian government customers willing to pay extra.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today‚Äôs most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Zero-Days Worth Millions of Dollars

Beyond Russia, even in niche app markets, zero-day prices have surged significantly as the leaked documents reveal that in 2021, a WhatsApp Android bug enabling message access ranged from $1.7 to $8 million.

According to an anonymous security researcher, prices have surged, especially for WhatsApp vulnerabilities, favored by government hackers, as seen when NSO Group customers used a zero-day in 2019.

WhatsApp has filed a lawsuit against an Israeli surveillance technology vendor for allegedly facilitating zero-day abuse. The leaked documents reportedly exposed a staggering price of $1.7 million for a ‘zero-click RCE’ in WhatsApp, which would permit covert monitoring and retrieval of messages.

The document stated the exploit targeted Android versions 9 to 11 through an image rendering library flaw. WhatsApp addressed related vulnerabilities in 2020 and 2021, but it’s uncertain if they covered the exploits sold in 2021.

However, besides this, WhatsApp declined to comment. While targeting WhatsApp alone can be valuable for government hackers who focus on chat interception, a WhatsApp exploit can also be a step in compromising the entire device.

Exploit buyers seek tools for spying, often requiring multiple pieces to fulfill their objectives, according to an anonymous security researcher familiar with the market.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.