It is a million dollar payday for vulnerability researchers who found an iPhone 0-Day hack. Recently, Zerodium recently announced the sizeable payout to a team of hackers who successfully developed a technique which can target the Apple operating system. This exploitable code-weakness is reported to be able to undermine the security of any iPhone or iPad which visits a maliciously created website.
With such monetary rewards, the reflection of a true market value, this trend of high profile research will continue. It is a double-edged sword and both helps bolster long term product security as well as undermining it in the short term. Vulnerability discoveries bring to light existing weaknesses and tend to motivate developers to invest more resources in improving security in their products. It is much less expensive and embarrassing to squash such bugs before products are released versus after they are in the hands of customers. On the darker side, such discoveries may allow exclusive access to the highest bidder for a period of time, until the vendor can figure out the problem and apply a suitable fix.
The cybersecurity industry is still in its infancy and vulnerability research is a hotly debated topic. We have a lot to learn and experience before we reach a healthy state. One thing is for sure: the economic impacts are growing. Just ask those who will be cashing a million dollar check or those tasked with finding a way to protect vulnerable systems. The costs, impacts, and opportunities of security are going up. Consider if such hacks are worth a million dollars today, what price will such desirable vulnerabilities command in a year from now?
Intel IT Network: Collection of My Previous Posts