An Android smartphone is now more difficult to hack than an iPhone, says Zerodium, a company specializing in buying and selling computer attacks. According to her, Google has been able to make significant improvements to Android security with each major new update. Apple smartphones, on the other hand, suffer from serious security vulnerabilities identified in iMessage, the instant messaging protocol, and Safari, the default integrated web browser.
Zerodium has just updated its price list for the purchase of a piracy method, our ZDNet colleagues report. Now, a hacker who develops a trick to hack into an Android smartphone without owner interaction is paid up to $2.5 million. A similar process to hack into an iPhone is worth only $2 million. The situation was quite different only a year ago. At the time, Android smartphone hackers could only expect $200,000. “For the first time, we will pay more for Android than for iOS,” says Zerodium on his Twitter account.
Android vs iOS: it’s now easier to hack into an iPhone
Asked by ZDnet, Chouakri Bekrar, CEO of Zerodium, explains that many hackers nowadays offer methods to hack into an iPhone. As a result, the market for computer attacks on iOS is saturated. Most operating brokers like Zerodium have always focused on iOS. Indeed, most of the iPhone on the market are up to date. According to Apple, 85% of iPhone are running on iOS 12. This excellent adoption rate obviously makes it easier for hackers. All they have to do is focus their efforts on a single version of the OS.
It’s obviously the opposite on Android. Each manufacturer uses a different overlay and components. Similarly, not all Android smartphones have installed Android 10, Pie or Oreo, the latest 3 versions of the OS. In the end, the fragmentation of Android complicates the work of hackers. “Android security improves with each new version of the operating system thanks to the security teams of Google and Samsung. It is therefore becoming very difficult and tedious to develop complete operating chains for Android, and it is even more difficult to develop methods that do not require any user interaction,” adds Chouakri Bekrar.
Safari and iMessage are vulnerable, says Zerodium
Zerodium found the opposite trend on iOS. “In recent months, we have seen an increase in the number of iOS operating chains, mainly within Safari and iMessage, developed and sold by researchers around the world. The market for iOS is flooded,” explains the CEO. This summer, Google Project Zero discovered 4 implementations of 5 critical vulnerabilities recently discovered on iOS. These breaches made it possible to hack iPhone remotely by sending a simple message via iMessage. Apple quickly fixed the vulnerabilities through an update.
“In response to these new technical challenges related to Android security and our observation of market trends, we believe it is time to give the highest bonuses to Android exploits until Apple improves iOS security and strengthens its weakest sections, iMessage and Safari,” concludes Zerodium’s CEO. Not surprisingly, Google agrees with this. In early 2018, David Kleidermacher, the man in charge of Android security, said that “it is now much more difficult for hackers to find a critical security breach in the Android system”. Despite past mistakes, Google has managed to mature its mobile OS. What do you think of Zerodium’s findings? Is iOS on the wrong track? Your opinion is awaited in the comments.
Announcement: We’ve updated our prices for major Mobile exploits. For the first time, we will be paying more for Android than iOS. We’ve also increased WhatsApp & iMessage (0-click) but reduced the payout for iOS (1-click) in accordance with market trends:https://t.co/0NBRnq4I4y pic.twitter.com/XqpmAKmmKF
— Zerodium (@Zerodium) September 3, 2019