undefined | Better HN

0 points3pt141591mo ago0 comments

If what you are saying is true, then you would see exploit marketplaces list iOS exploits at hundreds of millions of dollars. Right now a cursory glance sets the price for zero click persistent exploit at $2m behind Android at $2.5m. Still high, and yes, higher than five years ago when it was around $1m for both, but still not "largely crushed". It is still easy to get into a phone if you are a state actor.

0 comments

lmf4lol1mo ago

Hi, would you mind explaining how this works? Something is finding an exploit in Android/iOS and then he sells it for 2.5m/2m on some dark market?

saagarjha1mo ago

It’s somewhat more complicated than this but vaguely yes

lmf4lol1mo ago

interesting. and how do they find a buyer? is there a marketplace for this?

sorry for the dumb questions. I know nothing about this field :-)

saagarjha1mo ago

Yes, that’s the complicated part. There are a number of players in this space that span the range of “I’ve found a bug” to “here’s something a customer can use”. Each gets progressively more money for the value add. You can capture more for yourself if you do more of the steps. Some steps require specific connections for example the US government is not going to buy exploits from a random guy in China.

squeaky-clean1mo ago

Those are for devices not in lockdown mode.

j / k navigate · click thread line to collapse

0 comments

lmf4lol1mo ago

Hi, would you mind explaining how this works? Something is finding an exploit in Android/iOS and then he sells it for 2.5m/2m on some dark market?

saagarjha1mo ago

It’s somewhat more complicated than this but vaguely yes

lmf4lol1mo ago

interesting. and how do they find a buyer? is there a marketplace for this?

sorry for the dumb questions. I know nothing about this field :-)

saagarjha1mo ago

squeaky-clean1mo ago

Those are for devices not in lockdown mode.

j / k navigate · click thread line to collapse