In a not so surprising turn of events, zero-day Android exploits now cost more than iOS exploits. Since its inception, Apple’s iOS has always been considered one of the safest platforms with multiple layers of security and encryption. The tables seems to be turning though. Security improvements made by Google have made it more difficult for hackers to gain access to Android devices.
Popular exploit acquisition platform Zerodium is now making bigger payouts for zero-click Android exploits. These exploits give hackers complete access to an Android device without any user interaction. In comparison, iOS exploits have become less valuable due to the large availability of similar hacks for the platform.
Zerodium (via Ars Technica) now pays a whopping $2.5 million per zero-click Android exploit. Similar iOS exploits cost $2 million a pop. Zerodium CEO Chaouki Bekrar told the publication that they are flooded with iOS exploits that manipulate software vulnerabilities to gain access to iPhones. According to the him, these exploits are mostly spread through Safari or iMessage on iOS.
Apple in the spotlight
Teams over at Google’s Project Zero have been actively discovering iOS exploits in the wild. Researchers at Project Zero recently revealed an iMessage vulnerability that gives hackers access to system files on iPhones. Another one gives access to live location, photos, messages, and more on updated devices. 14 such iOS exploits were detailed by Project Zero, but thankfully, Apple has patched these issues.
“The latest set of zero-days affecting Apple’s platform announced by Google’s Project Zero were a bit of a wakeup call shattering our views on the iOS ecosystem and its security,” Jerome Segura, Director of Threat Intelligence at Malwarebytes, told Ars.
Zerodium’s Bekrar says, “Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung.” He adds that it is very hard to develop zero-click exploits for Android now because of multiple technical challenges.
Keeping with these trends, Zerodium has decided to offer a larger bounty to researchers that come up with Android exploits.
It’s always good practice to keep your smartphones up to date in order to keep hackers from targeting your devices with such exploits. Check out our handy list of manufacturers that update their Android smartphones the fastest.