Security company Zimperium to spend $1.5m to acquire 'private exploits'

February 2, 2017

Security company Zimperium said today it will spend $1.5 million buying various hacks targeting security bugs in three-year-old Android KitKat and some other, older versions of iOS.

The California-based threat detection firm will spend that cash on acquiring private exploits for publicly patched vulnerabilities, dating back at least to the 2013 Android platform, which was overtaken last year as Google's most popular mobile operating system.

Zimperium explicitly doesn't want zero day exploits, at any cost. The snapping up of exploits for existing security vulnerabilities is a rather new concept given that 'subscription hack brokers' such as Vupen and Zerodium regularly pay large amounts of money for exclusive zero days.

But it's important to note that older exploits are the highly effective bread and butter of black hat hacking. Obviously, zero days are much harder to detect and utilize in malicious ways.

Zimperium founder Zuk Avraham asserts that the security exploits will be handed to its private list of mobile phone clients, including major wireless carriers and manufacturers like Samsung and BlackBerry.

Subscribers will have between one and three months to figure out security patches or apply available fixes before the exploits are revealed online, unless the disclosing researcher objects.

The exploits, which require proof-of-concept demonstrations, will also help train the company's internal threat detection systems, which it sells to clients.

"We will provide ZHA mobile phone partners between one to three months advanced notice, before releasing the exploit publicly, unlike most exploit acquisition programs," Avraham asserted.

"We would like to encourage security researchers to provide proofs for exploitation of known security vulnerabilities. A few ZHA partners explained to us that without proof of exploitability, it’s difficult to convince all the various security teams to allocate more resources needed for a complete patch cycle, even for known issues," he added.

"We hope that this new initiative will encourage more security researchers to look into monthly security updates, and promote a better and safer environment," he said.

Remote exploits will be paid more than local hacks, with numbers determined by Zimperium's respected hacker team.

Just for the record, information disclosure and other security vulnerability classes are eligible for payment and crediting.

Android's diverse and rather large ecosystem features several dozen versions and multiple variants. That makes it difficult to keep up and means that telcos and handset-makers seldom push security updates to users.

Only Apple devices and Google's Nexus-Pixel lines receive immediate security patching. All other devices that sport modified Android operating systems must wait for reluctant manufacturers to push patches into their platforms.

That effort often takes several months, if it happens at all. This diversity can be an odd security boon, since it means that exploits sometimes need to be tweaked to target different handset models.

Attackers don't have unlimited resources either, so even when they know about a bug they must decide which Android sets to target, making their lives more complicated.

Source: Zimperium Internet Security LLC.
