Zimperium Unveils Exploit Acquisition Program for Android and iOS devices

February 1, 2017

By focusing on N-days, or patched vulnerabilities, Zimperium is helping accelerate how mobile security updates are delivered.

Zimperium’s program encourages security research by rewarding the hard work of researchers who wouldn’t otherwise receive compensation. For example, professional hacking groups often purchase zero-day exploits for anywhere from a few thousand dollars up to 1 million dollars for a full, remote exploit chain. However, as soon as a patch is available, that exploit becomes worthless from a monetary perspective.

“Unfortunately, the security patching process for mobile devices' operating systems is extremely slow, which leaves companies and individuals highly vulnerable to dozens of security threats,” said Zuk Avraham, Founder and Chairman at Zimperium. “Through this program, our customers, partners, and the infosec community will get access to exploits and exploit techniques so that they will be able to provide better protection from existing threats.”

Zimperium is changing that model and allocating $1.5 million to purchase N-day exploits. A committee built from select members of Zimperium’s renowned research team, zLabs, will evaluate remote and local exploits, information disclosure exploits and others for purchase.

Zimperium will use the exploits to further enhance its machine learning-based threat detection engine, z9. Since many devices in BYOD and company-provided mobile device environments may be outdated and cannot receive patches, Zimperium will provide compatibility support for versions that vendors no longer support (e.g. Android 4.1).

With the researcher’s permission, the exploit will first be released to members of Zimperium’s Handset Alliance (ZHA), which includes Samsung, Softbank, Telstra, Blackberry and more than 30 members from the most well-known handset vendors and mobile carriers in the world. For those that are not members of ZHA, Zimperium will publicly release the exploit one to three months later, crediting the appropriate researcher. Security contacts of carriers and vendors are welcome to join ZHA at no cost.
