A United Arab Emirates startup is publicly selling security vulnerabilities to attack and infiltrate iPhones, Android smartphones and many other popular software.
Crowdfense is a security research company headquartered in Abu Dhabi, UAE. This company specializes in researching, understanding and exploiting unpatched security vulnerabilities on iPhones, smartphones running Android, popular and widely used software such as Chrome browser, Safari, WhatsApp application...
However, when security vulnerabilities are discovered on popular platforms and applications, Crowdfense does not provide information to warn users or so that software developers can promptly patch the vulnerabilities. This.
Instead, this company will sell the security holes it has discovered to hackers or government agencies... those who want to exploit security holes to attack and infiltrate their devices. users for various purposes, including espionage purposes.
Recently, Crowdfense has just posted a price list to publicly sell tools that exploit security holes to attack iPhones, Android smartphones or popular software. Crowdfense affirms that these are all unpatched security holes and can still be exploited for attacks.
Security vulnerabilities to penetrate iPhone, Android... are sold publicly - 1
The price of security vulnerabilities is publicly advertised by Crowdfense, in which the SMS eavesdropping tool is for sale from 7 to 9 million USD (Screenshot).
Crowdfense is offering tools to break into iPhones through security holes for between $5 and $7 million; Tools to hack into smartphones running Android have a maximum price of 5 million USD; Tools to exploit security errors in Chrome and Safari browsers range in price from 3 to 3.5 million USD...
Crowdfense said the price of security vulnerability exploitation tools has increased sharply because companies such as Apple, Google, Microsoft... are strengthening their product security measures, making the search and exploitation process more difficult. Security vulnerabilities are becoming more and more difficult.
Crowdfense's act of publicly selling security vulnerabilities for attack purposes has been condemned by the technology and security community, with many people saying that Crowdfense is making illegal profits and working against the user community.
In the opposite direction, some technology and security companies, such as Trend Micro ZDI, have spent large sums of money to purchase security vulnerability information from hackers as well as from other companies. like Crowdfense, to warn users and provide suggestions to patch those dangerous security holes.
Big technology companies such as Apple, Google, Microsoft... themselves also have reward programs for security experts, hackers... if they discover and give warnings about serious security holes in their products. hardware and software of these companies.
However, the reward price offered by technology companies is still much lower than the price Crowdfense is selling security vulnerabilities to hackers as well as government agencies. That's why Crowdfense accepts a bad reputation to trade and sell serious security vulnerabilities to the outside, rather than warning these vulnerabilities to technology companies to receive bonuses.
In addition to Crowdfense, many other companies also publicly sell security holes in software at different prices, depending on the severity and ease of exploitation of the security holes. These companies are often on the embargo list of the US government and many European countries, but the companies still earn large sums of money from their transactions.
