Date: 2023-10-06

According to TechCrunch, undisclosed and unpatched security vulnerabilities in the popular messaging app WhatsApp are highly sought after on the market, sometimes fetching prices of several million dollars. These vulnerabilities allow attackers to compromise user accounts and gain access to their messages, making them a valuable commodity in the eyes of private organizations and government entities.

Since 2021, a vulnerability that allows attackers to compromise a WhatsApp account on an Android smartphone has been valued between 1.7 and 8 million dollars. In some cases, companies have paid such sums to gain access to the messages individuals exchange on WhatsApp.

In one instance, an undisclosed company sold a WhatsApp vulnerability for 1.7 million dollars two years ago. This vulnerability allowed attackers to remotely execute code on the target’s smartphone, enabling them to spy on messages and transfer them to a remote server. What made this particular vulnerability even more dangerous was that it was a “zero-click” exploit. Unlike some vulnerabilities that require the user to click on a link or open a compromised file, a “zero-click” vulnerability can be automatically exploited without any interaction from the target.

Recently, a Russian company called Operation Zero increased the prices offered for a WhatsApp security vulnerability. They now offer between 200,000 and 20 million dollars for a WhatsApp vulnerability on Android or iOS. After purchasing the vulnerability, Operation Zero resells it to “private and government organizations in Russia.”

According to Sergey Zelenyuk, the CEO of Operation Zero, mobile phone vulnerabilities are currently the most expensive products and are mainly used by government actors. The prices for these vulnerabilities have significantly increased in recent years due to the progressive improvement of smartphone updates and security mechanisms, as well as the ongoing conflict between Russia and Ukraine. With fewer researchers willing to work with Russia in this context, entities dependent on the Kremlin have had to raise the rewards offered.

WhatsApp is a preferred target for cyber espionage experts, especially those working for governments. By spying on a target’s WhatsApp conversations, valuable information can be gathered. Attackers don’t always need to compromise the entire smartphone; they can also use access to WhatsApp as a starting point to gain full control of the device.

Zero-day vulnerabilities represent a unique breed of cyber threats that offer attackers an unprecedented advantage, leaving no room for error. This is why they are highly sought after and sell for a premium price.

Source: TechCrunch