Russians pay up to 20 million dollars. They are looking for loopholes in smartphones

The Russian company OpZero is now ready to pay up to $20 million for detecting security gaps in iPhones and Android smartphones. According to a short announcement on the X (formerly Twitter), the raise in payouts for researchers is the result of growing market demand.

The change is reported by the cybernews service. OpZero is an exploit broker who, after the recent announcement, is willing to pay between 200 thousand to 20 million dollars for reported 0-day vulnerabilities related to remote code execution, privilege escalation, sandbox bypass, or for a full chain - we read in a post on the X (formerly Twitter). "As always," the end user is supposed to be someone outside the group of NATO member states.

On the one hand, the post reflects the changing situation in the market and shows how much potential clients value information about a 0-day gap, which they could duly patch up. On the other hand - as suggested by the cybernews service - there is a theory that OpZero company is essentially financed by the Kremlin, so consequently the reported security gaps in smartphones could be initially used for instance to track phones as a part of a broader concept of cyber warfare.

Ironic posts are already appearing on X service under the OpZero announcement, suggesting that it's an investment in spy operations in non-NATO countries. Of course, 0-day vulnerabilities and their detection are an everyday reality, not an unlikely scenario, which is why the declared payouts of up to $20 million per report are within the reach of researchers. According to Google Project Zero, 45 0-day vulnerabilities have already been detected in software since the beginning of 2023, which is more than in the whole of 2022.