Bounty for Encrypted Messaging Exploits: $500,000

Governments continue to wring their hands over the bevy of encrypted messaging applications that make easy surveillance of suspects’ electronic communications futile. But there is another option: finding software vulnerabilities that can undermine the security of applications such as Telegram, WhatsApp, Signal and more.

That’s the market for Boston-based Zerodium, a broker of so-called zero-day software vulnerabilities, referring to flaws for which there is no patch. On Wednesday, Zerodium added a slew of encrypted messaging apps to the list of one-stop-pop exploits it wants to buy and resell to its shadowy clients.

Zerodium, in the theme of its tongue-in-cheek name, has a faux periodic table that describes what it will pay for certain kinds of software vulnerabilities. It says it will now pay up to $500,000 for either remote code execution or local privilege escalation vulnerabilities in such messaging applications as iMessage, Telegram, WhatsApp, Signal, Facebook, Viber and WeChat.

Continue reading…