New Zero-Day Startup Offers $20 Million for Tools That Can Hack Any Smartphone

A new United Arab Emirates-based startup, Advanced Security Solutions (ASS), has launched this month and is now offering some of the highest prices in the zero-day market. The company's offerings include bounties for exploits that can help governments break into any smartphone with a text message, making it one of the most valuable tools for hackers working for law enforcement and intelligence agencies.

ASS is offering up to $20 million for zero-days that target mobile operating systems, with $15 million available for Android devices and iPhones. The company also offers bounties for exploits in various software, including $10 million for Windows, $5 million for Chrome, and $1 million for Apple's Safari and Microsoft Edge browsers.

The company's website claims to be staffed exclusively by professionals with over 20 years of operational experience in elite intelligence units and private military contractors. However, the company has not responded to a series of questions regarding its funding, ownership, or running structure, as well as whether it has any self-imposed ethical or legal restrictions on which governments it sells to.

A security researcher with experience in the zero-day industry told TechCrunch that the prices offered by ASS are approximately in line with the current market. "Normally these advertised prices are in the ballpark," the person said, adding that the $20 million bounty is "low depending on how unscrupulous you are." The researcher also warned that personally, he wouldn’t deal with a company that doesn't disclose who is behind it.

The market for zero-days has expanded considerably over the last 10 years, both in terms of the number of companies participating and the prices offered. In 2015, Zerodium, a broker that acquires zero-days from researchers and resells them to governments, was among the first-ever companies to publicize their price list. Since then, the prices have skyrocketed, with Crowdfense offering up to $7 million for zero-days to break into iPhones last year.

Customers can also buy zero-days for specific apps, especially messaging apps like WhatsApp and Telegram. For its part, ASS offers $2 million for Telegram, Signal, and WhatsApp zero-days. Russian zero-day company Operation Zero was an outlier in the market, offering up to $20 million for the same type of exploits that ASS is looking for.

More About Advanced Security Solutions

To learn more about ASS or other zero-day providers, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Do you have any questions or comments about Advanced Security Solutions or the zero-day market? Fill out our survey to let us know how we’re doing and get the chance to win a prize in return!

About Lorenzo Franceschi-Bicchierai

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.