Skip to main content

Here’s how much zero-day hacks for iPhone, iMessage, and more are worth

Considering a career change? The prices of zero-day hacking tools continue to rise. In a new pricing list published this week, spotted by TechCrunch, startup Crowdfense said that it will pay between $5 and $7 million for zero-days to break into iPhones.

How much are iPhone exploits worth?

As explained by TechCrunch, these exploits are referred to as “zero-days” because they “rely on unpatched vulnerabilities in software that are unknown to the makers of that software.”

Companies like Crowdfense and one of its competitors Zerodium claim to acquire these zero-days with the goal of re-selling them to other organizations, usually government agencies or government contractors, which claim they need the hacking tools to track or spy on criminals.

According to its new pricing list, Crowdfense said that it will pay between $5 and $7 million for iPhone zero-days, and up to $5 million for Android zero-days.

  • Google Chrome zero-days: up to $3 million
  • Safari zero-days: up to $3.5 million
  • iMessage zero-days: between $3 and $5 million
  • WhatsApp zero-days: between $3 and $5 million

These numbers have all increased compared to Crowdfense’s last round of prices, published in 2019. In that report, the company was offering $3 million for both Android and iPhone zero-days. TechCrunch explains that this is a byproduct of companies including Apple and Google improving platform security and becoming quicker at patching vulnerabilities that do arise.

Crowdfense’s payouts are now the “highest publicly known prices” outside of Russia, TechCrunch says:

Crowdfense currently offers the highest publicly known prices to date outside of Russia, where a company called Operation Zero announced last year that it was willing to pay up to $20 million for tools to hack iPhones and Android devices. The prices in Russia, however, may be inflated because of the war in Ukraine and the subsequent sanctions, which could discourage or outright prevent people from dealing with a Russian company.

Apple offers its own Apple Security Research Bounty program, through which security researchers can earn a maximum of $2 million.

The full report at TechCrunch offers an interesting look at the broader world of zero-day exploit payouts and bounty programs.

Follow ChanceThreadsTwitterInstagram, and Mastodon

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com