Jump to content
  • Company That Buys Zero-Day Hacks Now Wants Exploits for Popular VPNs

    aum

    • 533 views
    • 3 minutes
     Share


    • 533 views
    • 3 minutes

    Zerodium is looking to acquire exploits for NordVPN, ExpressVPN, and Surfshark, signaling that its government clients may want to spy on some VPN users.

     

    Uh oh. An infamous company that pays thousands of dollars for iOS and Android hacking techniques is now out to acquire zero-day exploits for three popular VPN services. 

     

    Zerodium today sent out a tweet calling for “zero-days” or publicly unknown attacks that work against ExpressVPN, NordVPN, or Surfshark. The attacks must be capable of leaking information from the VPNs, such as a computer’s IP address. Zerodium will also pay for exploits that can trigger a VPN to remotely execute computer code.

     

     

    Zerodium didn't say how much it's willing to pay for the hacking techniques. But its bounties can range from $100,000 up to $2.5 million for the most powerful zero-day exploits against Android and iOS. For now, Zerodium is merely calling on hackers and security researchers to submit “pre-offers” for the zero-day exploits via its website.  

     

    Zerodium's tweet is unsettling, given that ExpressVPN, NordVPN, and Surfshark are highly rated and popular VPN services. But it's also true that hackers and fraudsters rely on VPN services too.

     

    The technology works by rerouting your internet activity to the VPN provider’s servers and encrypting the connection, which can prevent an internet service provider from learning what you’ve been browsing. However, the zero-day exploits Zerodium is asking for could unravel the encryption and even hijack your PC or smartphone. 

     

    The bounty from Zerodium also suggests the company’s clients are looking to spy on some users of the three VPN apps. Those customers include government institutions in the US and Europe “in need of advanced zero-day exploits and cybersecurity capabilities,” according to Zerodium’s website. 

     

    “At Zerodium we take ethics very seriously and we choose our customers very carefully through a very strict due diligence and vetting process,” the site adds. “Access to acquired zero-day research is highly restricted and is limited to a very small number of government clients.”

     

    Zerodium—along with ExpressVPN, NordVPN, and Surfshark—didn’t immediately respond to a request for comment. However, both ExpressVPN and NordVPN offer bug bounties, which means they'll pay you for uncovering vulnerabilities in their software. Still, the rewards are far lower than what Zerodium can potentially offer.

     

    < View the video at the source page. >

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...