Usually, a bug bounty program helps companies secure their software and products from zero-day vulnerabilities that can cause massive damage if cybercriminals get their hands on them.
In total, Zerodium will award a sum of $1 million to the successful participant. But will the company share those zero-day flaws with Tor? Possibly not, since the company’s Tor Bounty page suggests that one goal of launching the special bounty for Tor is to “help our government customers fight crime and make the world a better and safer place for all.”
“While the Tor system and Tor Browser are fabulous plans that allow authorized users to adjust their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” states Zerodium.
Zerodium, an American information security company and premium zero-day acquisition platform, has launched a Tor Browser Zero-Day Bounty, the purpose of which is to get hackers and researchers to find zero-day flaws in Tor Browser on Tails Linux and the Windows operating system and report them to the company.
Zerodium has been running bug bounty programs for the last few years. In August, the company began offering bounties for hacking messenger apps such as Telegram, WeChat, iMessage, WhatsApp, Signal and Facebook Messenger.
Moreover, submissions must rely on private, unknown, and unreported zero-days, and must bypass all exploit mitigations applicable to each target category. The initial attack vector must be a web page targeting the latest versions of Tor Browser, while the whole exploitation process should be achieved silently, without triggering any message or popup, and without requiring any user interaction except visiting a web page.
The company has also invited hackers to find zero-day flaws in the iPhone that allow the device to be hacked remotely, offering $1,500,000 in return. Platforms such as Windows 10, Chrome, Firefox, and WordPress are also open for hackers to try their skills on.
Nonetheless, because the company has suggested that these exploits will be shared with governments, it will be important to see the response from privacy advocates, since a couple of months earlier Microsoft criticized government agencies for not sharing vulnerabilities with manufacturers and for stockpiling code that can easily be stolen by hackers and exploited for their own unscrupulous gain.
The Tor network itself launched its first public bug bounty program back in July this year. Naturally, the bounty on offer is only $4000, since Tor is run by a group of volunteer-operated servers that enables people to improve their privacy and security on the Internet.