Company offers up to $3 million for zero-days in Android or iOS
A new company called Crowdfense says it has a $10 million budget for unknown vulnerabilities in Android, iOS, macOS and Windows. For a zero-day in iOS or Android, the company has up to three million dollars to spare.
The Dubai-based company describes this as a bug bounty program and claims in a press release that it purchases the vulnerabilities to improve security. Crowdfense also states on its website that it sells vulnerabilities to third parties.
In addition, the company states that its platform is only available to a ‘carefully vetted group of institutional entities’. The Crowdfense executive says in an interview with Motherboard that he wants to sell the vulnerabilities to intelligence agencies.
For a zero-day in Android or iOS that allows full access to the operating system without user interaction, the company is offering a $3 million bounty. A similar one-click vulnerability in Safari or Chrome yields up to $2.5 million on iOS and up to $2 million on Android.
Other companies are also willing to pay high prices for zero-day vulnerabilities, such as Zerodium, which is offering up to $1.5 million. Crowdfense is only interested in vulnerabilities in Android, iOS, macOS and Windows.