Meet the Tiny Startup That Sells IPhone and Android Zero Days To Governments (vice.com) 48
An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.
And this is ethical because...?????
Because it's profitable of course..
They do claim to only sell their uncovered secrets to a "select group of countries and not repressive" ones.
provides exploits to
... the United States, United Kingdom, Canada, Australia, and New Zealand.
That's how they answer this ethics question. Which may or may not work for you.
But that's not the ethical problem.
The ethical problem is hoarding exploits rather than responsibly reporting them to the software vendors. This puts many people at risk to serve the needs of the few.
Mysteriously those countries are all part of the "Five eyes". Coincidence much?
Re:Ethics? (Score:5, Interesting)
Ethics, in a nutshell, is "Do the right things for the right reasons". Figuring out and agreeing upon what the right things are and what the right reasons are, is the hard part. Everything with ethics depends on context. Lying may or may not be ethical depending upon the situation at hand. Lying to a man who has a school full of children as hostages, ethical. Lying to your spouse about cheating, unethical. And the lying part of the unethical example I just gave may have other situational conditions that make it ethical.
Context is key and ethics are in the eye of the beholder...
It isn't. And I'm ashamed.
So we have azimuth, can I have the correct elevation, too? I'll take care of the rest, then...
*A* NOT *THE* (Score:4, Insightful)
Important differentiation. This makes it sound like they are the original or only startup doing this.
This has literally been done for a decade for smartphones and probably 2-3 decades for computers (Hint: Israel has a *HUGE* computer security industry which runs off this exact type of business. I am sure there are places in every major nation doing the same, albeit most of them not as well.)
Sorry, that exploit doesn't work on this batch of terrorists. It would literally be like beating a dead horse.
You are not holding it correctly.
While the trade is commonly painted as a wild west full of mercenaries who sell hacking tools to whoever can afford them, over a dozen well-placed sources described an overlooked section of the industry that focuses on supplying to a select group of democratic governments, rather than authoritarian regimes.
Phew! I'm glad that there are still people who can tell the difference between "democratic governments" and authoritarian regimes, especially in the field of violating basic human rights.
They must not have anything too great since the US government repeatedly tries to force Apple to implement back doors.
TOR entry/exit points need a platform to run on. Exploit this platform and you've got a good starting point for an attack vector.
other customers might not be properly acknowledged; might not even be sold by the company but by an employee who is running short of cash this month
Companies like Microsoft and Google and Apple would probably rather not have exploits in their software bought and sold on the open market I am sure so why haven't they lobbied governments to make such buying and selling of vulnerabilities illegal (with heavy penalties up to jail time for violations).
It should be illegal for anyone except the vendor of the software to buy such vulnerabilities (companies, governments, anyone) and illegal to sell it to anyone other than the original vendor.
