New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Gray market exploit brokers are alive and kicking, and the latest sign of this burgeoning market comes in the form of a bidding war for zero-days in the messaging app Signal, started by a relatively new entrant.

Russia-based OpZero recently made public a $1.5 million offer for remote code execution (RCE) exploits in Signal, more than tripling the relatively stable watermark for that app offered by the US company Zerodium.

Cybersecurity experts say this particular bidding war signals the Russian government’s desperation for surveillance capabilities over Ukrainians who use Signal to communicate. But the price movement on this front also offers a microcosmic look at the broader reliance of gray market clients (usually governments) on intermediary brokers.

The Shadowy “Gray Hat” World of Cybersecurity Exploit Brokers

These middlemen are sometimes freelance traders, other times thinly veiled fronts for nation-state intelligence agencies, buying from security researchers interested in profiting from their exploit work.

The market works on the basis of “ask me no questions and I won’t tell you lies”, the researchers say. Brokers have no qualms about working with both black hat and white hat security experts, and exploit developers don’t ask how or by whom their exploits will be used. These arrangements put this market in a middle ground between the highly structured, vendor-oriented vulnerability bug bounty market and the chaotic and openly criminal dealings of the black hat-dominated Dark Web.

“Exploit brokers function as market makers by hiring vendors (security researchers) who manage an inventory of exploits and selling to buyers (actors implementing offensive cyber operations),” according to a recent paper on the world of gray market exploits presented at the 21st Workshop on the Economics of Information Security (WEIS’22) in Tulsa, Okla., earlier this year.

“By doing so, brokers can more efficiently manage transaction costs relative to suppliers and buyers who contract directly with each other. In addition, brokers provide a layer of insulation against reputational and legal consequences,” the paper explained, adding that the price of exploits has increased by 1,240% in the last six years on the gray market.

War in Ukraine Sparks Signal Exploit Bidding War

Perhaps one of the most public and prolific players in the market is Zerodium, an American company with an obscure client list of “primarily European and North American government institutions,” according to the company’s FAQ.

The company is offering up to $2 million for flaws in iOS and makes many public offers for vulnerabilities in a variety of operating systems and apps. The company has had a standing offer since 2017 of “up to” $500,000 for exploits on Signal and other social messaging apps, including Facebook Messenger, WhatsApp and Telegram.

OpZero’s entry into this mix with an offer of three times that amount has experts like security researcher The Grugq positing that the company is a surrogate for Russian intelligence services that are “desperate” for Android and Signal vulnerabilities.

“Android has almost 80% market share in Ukraine, and Signal has more than 2 million daily active users,” The Grugq wrote recently. “Android phones with Signal are robust security platforms. They are not military hardware, but they are perfectly capable of providing protection against a wide range of security threats. Including nation-state threat actors. Russia appears to lack Android or Signal ability.”
