Flaws allowing you to hack a WhatsApp account are sold at a high price on the vulnerabilities market. In recent years, the bonuses offered to researchers who discover a breach giving access to a target’s messages have even increased significantly…

　　WhatsApp’s “zero day” security flaws are popular, indicate our colleagues at TechCrunch. According to the media, an undisclosed and unpatched vulnerability messaging sometimes costs several million dollars on the market.

　　Since 2021, a flaw allowing the WhatsApp account of an Android smartphone user to be compromised is worth between $1.7 and $8 million. Some companies, including private organizations or government entities, are willing to pay a fortune to be able to view messages exchanged on WhatsApp by individuals.

　　Two years ago, an unnamed company sold a WhatsApp breach for $1.7 million. This vulnerability allowed the attacker toexecute code remotely on the target’s smartphone. Ultimately, the hacker could spy on the messages and transfer them to a remote server. Best of all, it was a zero-click vulnerability. Unlike some vulnerabilities that require the user to click on a link or open a compromised file, a “zero click” vulnerability can be exploited automatically without any interaction from the target.

　　A week ago, a Russian company called Operation Zero raised the prices offered for a security breach. Now it offers from 200,000 to 20 million dollars for a WhatsApp vulnerability on Android or iOS. once purchased, the breach is resold at “Russian private and government organizations”assures Operation Zero.

　　For Operation Zero CEO Sergey Zelenyuk, the flaws “for mobile phones are the most expensive products at the moment and they are mainly used by government actors”. Prices have also risen sharply in recent years. This increase is explained by the gradual improvement of updates and security mechanisms on smartphones and the Russian invasion of Ukraine. In a war context, there is no not many researchers ready to work with Russiawhich pushes entities dependent on the Kremlin to increase the bonuses offered.

　　Unsurprisingly, WhatsApp is a prime target for cyberespionage experts, particularly those who work for governments. By spying on a target’s WhatsApp conversations, it is possible to gather a wealth of valuable information.

　　In some cases, attackers no longer even need to compromise the entire smartphone. In other cases, they use access to WhatsApp as a starting point towards taking complete control of the phone. As CyberNews explains, so-called “zero day” vulnerabilities represent “a unique breed of cyber threat, which leaves no room for error and grants attackers an unprecedented advantage”. This is why they are highly sought after and sell for high prices.

　　Source :

　　TechCrunch