
Meet the Tiny Startup That Sells iPhone and Android Zero Days To Governments (vice.com)

An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.
  • by Anonymous Coward
    Elite Dundee!
  • by K. S. Kyosuke ( 729550 ) on Wednesday February 07, 2018 @12:55PM (#56084121)
    More like Azimuth Insecurity, right?
  • *A* NOT *THE* (Score:4, Insightful)

    by Anonymous Coward on Wednesday February 07, 2018 @01:00PM (#56084163)

    Important differentiation. This makes it sound like they are the original or only startup doing this.

    This has literally been done for a decade for smartphones and probably 2-3 decades for computers (Hint: Israel has a *HUGE* computer security industry which runs off this exact type of business. I am sure there are places in every major nation doing the same, albeit most of them not as well.)

  • I have zero day to sell that allows local unlocking of any smartphone still in possession of original owner. This very powerful vulnerability can be yours for just 1MILLION! dogecoins. The exploit vector involves a rubber house [wikipedia.org]. Ideal for government use.
    • Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.

      • by sinij ( 911942 )

        Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.

        You are not holding it correctly.

  • by Errol backfiring ( 1280012 ) on Wednesday February 07, 2018 @01:15PM (#56084283) Journal

    While the trade is commonly painted as a wild west full of mercenaries who sell hacking tools to whoever can afford them, over a dozen well-placed sources described an overlooked section of the industry that focuses on supplying to a select group of democratic governments, rather than authoritarian regimes.

    Phew! I'm glad that there are still people who can tell the difference between "democratic governments" and authoritarian regimes, especially in the field of violating basic human rights.

  • other customers might not be properly acknowledged; might not even be sold by the company but by an employee who is running short of cash this month ...

  • by jonwil ( 467024 ) on Wednesday February 07, 2018 @06:24PM (#56086107)

    Companies like Microsoft and Google and Apple would probably rather not have exploits in their software bought and sold on the open market, I am sure, so why haven't they lobbied governments to make such buying and selling of vulnerabilities illegal (with heavy penalties up to jail time for violations)?

    It should be illegal for anyone except the vendor of the software to buy such vulnerabilities (companies, governments, anyone) and illegal to sell it to anyone other than the original vendor.

    With less market to sell to and heavy penalties, the only people still active will be the black hats who provide vulnerabilities to malware authors and criminal gangs and the like and where there is no risk of being caught and punished (because they are in countries like Russia where the criminal gangs running the cybercrime operations are in good with the government) and there are a lot less of those.

    Some will say that if you ban this it will just drive it deeper underground, but the criminal gangs and such who want to use vulnerabilities for bad things (malware, cyber attacks, stealing credit card numbers etc.) are already deep underground along with the hackers that supply them, and most of those operating semi-legitimately probably don't particularly want to go to jail and aren't suddenly going to start selling their services to the Russian cybercrime gangs.

    Fewer vulnerabilities will be floating around out there to be exploited and fewer people will be engaged in the business of finding vulnerabilities for abusive purposes (meaning the vendors and other white hats who look for vulnerabilities with the intent of fixing them will have less competition).
