To claim the prize money, you have to find remote code execution and local privilege escalation vulnerabilities in these two applications. A huge offer like this may damage the trust users have in these messaging platforms, but the firm is not in the business of making tools to attack users.
What’s in it for them?
Rather than attacking users with the flaws it acquires, the firm sells these zero-day bugs to various organizations and governments, although it does not disclose whom it sells the information to. The major customers of ZERODIUM are huge corporations in defense, technology, and finance. It also sells zero-day information to government organizations when they need specific cyber security capabilities.
Win $1.5 million by hacking an iPhone
Apart from the latest WhatsApp exploit, Zerodium is offering other huge chances, like winning $1.5 million by hacking an iPhone. It is not yet clear whether anyone has ever discovered such an exploit and sold it to the company. “ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices. The majority of existing bug bounty programs accept almost any kind of vulnerabilities and [proof of concepts] but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market,” the website adds.