Crowdfense, a startup company based out of the United Arab Emirates, is offering up to $3 million for anyone who can offer a zero-day exploit on macOS, iOS, Android or Windows.
Motherboard reports that the startup put out a bug bounty on Tuesday.
Zero-day exploits take advantage of bugs or vulnerabilities that are unknown to the developers, in this case Google, Apple, or Microsoft. This allows companies such as Crowdfense to use the hole for their own advantage, such as developing jailbreak tools.
However, in this case, the company wants to sell the details to law enforcement and intelligence agencies, according to Crowdfense director Andrea Zapparoli.
“When I think about government agencies I don’t think about the military part, I think about the civilian part, that works against crime, terrorism, and stuff like that,” Zapparoli told me in a phone interview. “We only focus on tools aimed at doing activities of law enforcement or intelligence, not aimed at destroying or deteriorating the functionality and effectiveness of the target systems—but only aimed at collecting intelligence.”
The company is only interested in macOS, iOS, Android and Windows exploits specifically and is not interested in exploits for IoT devices, telecom, critical infrastructure or social media.
The company plans on taking a vastly different approach than most who are looking for zero-day exploits. Its focus is on maximizing transparency. With that being said, Crowdfense has not disclosed who they're talking to or what they plan on doing with such exploits.
The budget for its bug bounty program is currently set at $10 million. The company is also not disclosing at this time who is willing to work with it. Zapparoli declined to mention who invested in the company.
Back in 2016, Apple launched its own bug bounty program to catch bugs such as zero-day exploits. However, the program was largely ignored, as payouts on the black market and from other hacker groups were much higher than Apple's low $200K payouts.