The cost of hacking smartphones using WhatsApp are going steadily up, driven by advancements in security mechanisms and mitigations within the platform. It is thus not a wonder that the landscape of hacking has undergone a significant transformation in a world where data security is paramount, and in which WhatsApp hacks promises to be a lucrative endeavour. According to a recent report by TechCrunch, hacking techniques for WhatsApp have surged in value, specially zero-day hacks, reaching millions of dollars.
The evolution of cybersecurity has made hacking cell phones, especially when targeting renowned apps like WhatsApp, a high-stakes game. Zero-day exploits, which capitalize on undisclosed software flaws, are the currency of this clandestine world. Last week, a Russian company engaged in acquiring zero-days offered a staggering $20 million for chains of bugs enabling the remote compromise of both iOS and Android phones. The customers, according to the TechCrunch report, are “Russian private and government organizations.”
While Russia’s geopolitical circumstances contribute (to an extent) to the exorbitant price tags, it’s crucial to note that the surge in prices is not confined to Russia alone. Even beyond Russia, including the global market for exploits in specific apps, prices have soared. WhatsApp, being a widely used platform and a household name with a huge user base, has garnered significant attention from government hackers, who are more inclined to utilize zero-days.
Zero-click remote code execution (RCE) exploits, a particularly potent weapon in the hacker’s arsenal, are highly sought after. These exploits demand no interaction from the target, rendering them stealthier and harder to detect. In 2021, leaked documents revealed that a company was selling a zero-click RCE exploit for WhatsApp on Android for approximately $1.7 million. This exploit was functional on Android versions 9 to 11, released in 2020, and capitalized on a flaw in the image rendering library. In time, WhatsApp took care of three vulnerabilities – CVE-2020-1890, CVE-2020-1910 and CVE-2021-24041.
For tech companies like WhatsApp’s parent company, Meta, the rising costs of cybersecurity are a substantial concern. To protect their users and maintain trust, major investments in security research, vulnerability patching, and threat detection are a must. The likes of Apple are already working on the matter – the Cupertino-headquartered tech giant has introduced features like Lockdown Mode, designed to protect users who fear surveillance. The company continually fortifies its security measures to safeguard targeted users.
The value of targeting WhatsApp lies in its role as a stepping stone to broader device compromise. Government hackers, driven by the desire to observe their targets, often cobble together multiple exploits in a chain to achieve their objectives comprehensively. And the escalating cost of WhatsApp exploits can be attributed to a multitude of factors. Frequent security updates on both iOS and Android have enhanced device protection, making it harder for hackers to access private WhatsApp data. Additionally, Russia’s ongoing invasion of Ukraine has driven up the prices for exploits.