New Zero-Day startup offers $20 million for a tool that can hack your smartphone

The new UAE-based startup offers up to $20 million for hacking tools that help governments break into any smartphone via text messaging.

Launched this month, Advanced Security Solutions currently offers at least a portion of public prices across the zero-day market. Zero Day is a software flaw that is unknown to the developers affected at the time of discovery. These tools are of great value, especially for hackers working for law enforcement and intelligence reporting agencies.

Apart from the $20 million highest prize that applies to any mobile operating system, the company also offers exploit bounties in a variety of software. $15 million for the same type of zero-day for Android devices and iPhones. $10 million for Windows. Chrome’s $5 million. $1 million for Apple’s Safari and Microsoft Edge browsers.

It is unclear who is behind the company and who their customers are.

“We enable government agencies, intelligence reporting agencies and law enforcement agencies to operate accurately on the digital battlefield,” the company’s website reads. “We maintain continuous collaboration with over 25 governments and intelligence reporting agencies around the world. Our clients consistently return to new services, reflecting the trust and strategic values we provide in a high-stakes operational context, including counter-terrorism and drug management.”

The website also states that although the company is new, “only staffed by experts with over 20 years of operational experience in elite intelligence units and civilian military contractors.”

Advanced Security Solutions did not respond to a series of questions such as who funds, owns and operates the company, who its customers are, or whether the company has voluntary ethical or ethical restrictions to sell.

A security researcher with experience in the Zero Days world told TechCrunch that the prices offered by advanced security solutions are roughly consistent with the current market.

“Usually these advertised prices are in the ballpark,” the person told TechCrunch on condition of anonymity to be open about the zero-day industry. The person added that the $20 million bounty is “low depending on how uncruel you are.”

The researchers also warned that, personally, they would not address companies that do not disclose who is behind it, as in this case. “I don’t think you should sell the bug to someone who’s trying to hide who you are,” he said.

The zero-day market has expanded considerably over the past decade, both in the number of participating companies and the prices offered.

In 2015, Advanced Security Solutions won zero-days from researchers and reselled it to the government, Zerodium, a broker that reselled it to the government, was one of the first companies to publish a price list. The company, founded at the time by veteran exploit broker Chaouki Bekrar, provided up to $1 million for tools to hack your iPhone. Then, three years later, a crowdfence came out, offering $3 million for the same type of zero day.

More recently, zero-day prices have skyrocketed. This is because there is higher demand and because large tech companies have improved security, making it more difficult to hack the latest devices and software.

Last year, CrowdFense released a new price list. This provided up to $7 million for Zero Day to break into the iPhone, and $5 million for the same type of exploit on Android. Customers can also purchase zero-days for certain apps, especially messaging apps such as WhatsApp (up to $8 million) and Telegram (up to $4 million).

Advanced Security Solutions says it offers $2 million for Telegram, Signal and WhatsApp Zero Day.

Russian zero-day company Operation Zero is an outlier in the market, offering up to $20 million for the same type of exploits that Advanced Security Solutions is looking for. It is in a unique position as it says that Operation Zero works only with the Russian government, and for many researchers in the US and Europe, it is illegal to sell hacking tools to Russia.