Android full chain zero click exploit
Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide.

The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells 'full chain, zero-click, with persistence' Android zero-days.

Just like other traditional markets, the zero-day market is also a game of supply, demand, and strategy, which suggests either the demand of Android zero-days has significantly increased or somehow Android OS is getting tougher to hack remotely, which is unlikely.

In it's latest notification, Zerodium—a startup that buys zero-day exploits from hackers, and then probably sells them to law enforcement agencies and nation-sponsored spies around the world—said it's looking for hackers who can develop full chain Android exploits.
zerodium prices table
The company is ready to pay up to $2.5 million for such exploits that can be used to gain persistence access on an Android device with no indication and interaction from the target user; a straight 12x jump from its previous price tag of $200,000.

While the same type of zero-day exploits for iOS devices are worth $2 million, which is still double than what Apple has recently started offering to hackers to responsibly report severe deadly exploits, described as "a zero-click kernel code execution vulnerability that enables complete, persistent control of a device's kernel."

Besides Android exploits, Zerodium has also announced to offer $500,000 for submitting new persistence exploits or techniques for iOS, and increased payouts of WhatsApp and iMessage exploits.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.