Zerodium reveals price list for zero-day exploits


Exploit acquisition platform Zerodium has just published a price chart for different classes of digital intrusion techniques and software targets that it buys from hackers and later resells in a subscription service to its clients.

This is important as it is the first time someone has publicly put a price tag on hacking.

Consequently, it has gained a lot of attention, and while some praise the move, others are disgusted.

Hacking a WordPress-based website and remotely executing code is fairly cheap – it can be done for $5,000 (£3,200). But doing the same on Flash Player can cost you up to $50,000 (£32,000). Remote exploits that entirely defeat the security of an Android or Windows Phone device go for as much as $100,000. And an iOS attack can earn a hacker half a million dollars, by far the highest price on the list.

Wired, which broke the story, says the move "could actually encourage more hackers to sell the intrusion methods they create; Independent security researchers have long complained that the lack of public pricing in the zero-day trade makes it difficult for them to get a 'fair' price".

But there are other opinions, as well. Publicly trading in secret intrusion techniques has made Zerodium CEO Chaouki Bekrar a target for criticism from both the privacy community and the software companies whose hackable flaws he exploits for a profit. Google security staffer Justin Schuh once called him an "ethically challenged opportunist". ACLU lead technologist Chris Soghoian has labelled Bekrar’s Vupen a "modern-day merchant of death", selling "the bullets for cyberwar".

The full pricelist can be found on Zerodium’s website.

Published under license from, a Net Communities Ltd Publication. All rights reserved.
