Published on September 4th, 2019

Finally Android devices are more secure than Apple devices


As we have mentioned on previous occasions, the concept of a “zero-day vulnerability” refers to flaws in software never before discovered and whose exploitation does not require interaction from the user of the compromised system. Within the cybersecurity community, there are companies like Zerodium that buy reports on zero-day vulnerabilities, but it’s important to ask yourself: why is there so much interest in these security flaws?

While malicious hackers seek such vulnerabilities to cause severe large-scale damage, tech companies and some companies like Zerodium, known as “exploit brokers,” try to collaborate closely with the researchers who discover these flaws to prevent their exploitation and strengthen the security of the most widely used technological ecosystems in the world.

According to cybersecurity experts, Zerodium is currently looking to acquire zero-day exploits that impact some of the most commonly used software implementations today, including products such as:

  • Operating systems: Microsoft Windows, Linux, Apple macOS, among others
  • Browsers: Chrome, Edge, Firefox and Safari
  • Smartphones: Apple iOS in its versions 12.x and 13.x, Android 8.x and 9.x, BlackBerry 10 and Windows 10 Mobile
  • Routers: ASUS, Cisco, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link
  • Email servers: Microsoft Exchange, Dovecot, Postfix, Exim and Sendmail

In addition, in releasing updates to its vulnerability bounty program, the company announced that it is now willing to pay up to $2.5 million USD for vulnerabilities in the Android operating system that do not require victims’ interaction for their exploitation, the highest amount ever paid for an Android flaw. The company will also pay up to $2 million USD for a similar exploit on iOS, Apple’s operating system.





The popular idea, according to cybersecurity experts, is that iOS devices have always been more secure than those running Android OS, so why is Zerodium willing to pay more money for a flaw that is supposedly easier to discover? Cybersecurity experts mention that there are two reasons for this. First, the latest versions of the Android operating system have become more secure, so zero-days are becoming increasingly difficult to find. Second, multiple zero-day vulnerabilities have recently been revealed on iOS, even during the beta test of the new iOS 13 system, a phenomenon that has influenced the value placed on flaws in this system.

With Zerodium’s announcement, we can only wait for researchers to discover these flaws in the systems mentioned. However, experts still face a dilemma: on discovering one of these flaws, they will have to decide whether to report directly to the affected companies or to turn to exploit brokers, which offer better rewards but tend to resell these reports to companies or even to some government agencies.

According to experts from the International Cyber Security Institute (IICS), companies like Zerodium have been increasing the amounts they offer as a reward for these kinds of errors. The company recently announced rewards of up to $500,000 for Linux errors, as well as for multiple system distributions.


