WhatsApp Exploits Command Million-Dollar Prices Due to Security Measures
Continuous advancements in security mechanisms, along with the mitigation of various vulnerabilities and other protective measures, have made hacking mobile devices based on iOS and Android, as well as prominent applications like WhatsApp, a costly endeavor. As a result, methods for hacking popular apps such as WhatsApp now command millions of dollars.
In late last month, Operation Zero, a company positioning itself as a Russian platform that acquires new hacking schemes from cybersecurity researchers, announced its readiness to pay anywhere from $200,000 to $20 million for device compromise schemes on iOS and Android. These schemes primarily involve high-level exploits that can be leveraged due to vulnerabilities that developers have not yet patched in their products.
The source also notes an increase in the cost of hacking specific mobile applications. As of 2021, a fresh Android-based WhatsApp hacking scheme, enabling access to a victim’s chats, was priced between $1.7 million and $8 million. WhatsApp has become a prime target for so-called state-sponsored hackers, often utilizing zero-day vulnerabilities for hacking purposes.
In 2019, researchers identified several NSO Group clients using the Israeli company’s software to compromise WhatsApp on victims’ devices. Shortly after, WhatsApp filed a lawsuit against NSO Group, accusing the company of creating and distributing tools used to spy on hundreds of messenger users. According to the source, in 2021, the company was selling a remote code execution vulnerability, previously unknown to developers, for approximately $1.7 million.
In the case of WhatsApp, such a vulnerability allows the creation of an exploit that does not require hackers to interact with the victim. The NSO Group’s exploit worked on WhatsApp mobile clients for Android from version 9 to 11 and leveraged a vulnerability in the image rendering library. Between 2020 and 2021, WhatsApp developers addressed three image processing vulnerabilities. However, it is unclear whether the vulnerability used by the NSO Group’s exploit was patched. Official representatives of the company declined to comment on this matter.
As cybersecurity measures evolve, hacking methods become more complex and, consequently, more expensive, reflecting the continuous arms race between attackers and defenders in the digital realm.
- I'm Vasyl Kolomiiets, a seasoned tech journalist regularly contributing to global publications. Having a profound background in information technologies, I seamlessly blended my technical expertise with my passion for writing, venturing into technology journalism. I've covered a wide range of topics including cutting-edge developments and their impacts on society, contributing to leading tech platforms.
- Troubleshooting15/11/2023Intel Fixes Critical Vulnerability Affecting All Processors – CVE-2023-23583
- Business15/11/2023Google Pays $8 Billion to Samsung for Default ‘Play Market’ and Search in Galaxy Devices
- Technology04/11/2023North Korea Upgrades Mobile Networks with Huawei Equipment Imports
- Technology03/11/2023Chinese Scientists Invent Passive Saltwater Cooler, Boosts CPU Speed by a Third