Vulnerabilities that can be used to hack into a WhatsApp account have become a veritable bargaining chip on the vulnerability market. Over the years, the bonuses offered to researchers who discover these vulnerabilities, which allow them to access a target's messages, have increased significantly.
Security flaws zero day "WhatsApp is particularly popular, according to information from TechCrunch. According to the media, an undisclosed and uncorrected vulnerability in the messaging system can sometimes be traded on the market for several million dollars.
Since 2021, a vulnerability that can compromise an Android smartphone user's WhatsApp account has been worth between $1.7 million and $8 million. Certain companies, both private and governmental, are prepared to pay a fortune to gain access to messages exchanged on WhatsApp by individuals.
Two years ago, an unnamed company marketed such a WhatsApp vulnerability for $1.7 million. The vulnerability allowed the attacker to execute code remotely on the target's smartphone, enabling them to spy on messages and transfer them to a remote server. The notable point was that this flaw was "zero click", meaning that no interaction from the target was required.
Recently, a Russian company called Operation Zero increased the prices it offers for such security flaws. It is now offering between $200,000 and $20 million for a WhatsApp vulnerability on Android or iOS. Once purchased, the vulnerability is resold to "Russian private and governmental organisations", according to Operation Zero.
According to Sergey Zelenyuk, CEO of Operation Zero, vulnerabilities in mobile phones are currently the most expensive products and are mainly used by government actors. Prices have risen considerably in recent years due to improvements in updates and security mechanisms on smartphones, as well as the geopolitical context, particularly the Russian invasion of Ukraine.
Unsurprisingly, WhatsApp is a prime target for cyber espionage experts, particularly those working for governments. Spying on a target's WhatsApp conversations can provide a wealth of valuable information.
"The buyers of vulnerabilities are interested in what the vulnerabilities allow them to do, which is to spy on their targets", explains an anonymous security researcher to TechCrunch.
In some cases, attackers do not even need to compromise the entire smartphone. In other cases, they use access to WhatsApp as a starting point to take full control of the phone. Zero-day vulnerabilities represent a unique threat with no margin for error, giving attackers an unprecedented advantage, which is why they are so valuable on the market.
Leave feedback about this