The zero-day broker Zerodium offers $1 million for Tor Browser exploits with the intent to unmask Tor users. The controversial firm will then resell the zero-day exploit for Tor browser to law enforcement and government agencies, officially to give them a further instrument to de-anonymize Tor users in their investigations.
The company is searching for working exploits for Tor browser running on Windows and the privacy-focused Linux distro Tails OS.
“ZERODIUM, the premium zero-day acquisition platform, announces and hosts a Tor Browser Zero-Day Bounty. ZERODIUM will pay a total of one million U.S. dollars ($1,000,000) in rewards to acquire zero-day exploits for Tor Browser on Tails Linux and Windows.” reads the announcement published by ZERODIUM. “The bounty is open until November 30th, 2017 at 6:00pm EDT, and may be terminated prior to its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).”
The Tor Browser bounty will run until November 30, but the company added that it may be closed earlier if the $1 million reward amount is paid out.
Zerodium is requesting exploits that could be used to trick targeted users into visiting a specially crafted web page.
The full price list is reported in the following table:
In August, Zerodium offered up to $500,000 for remote code execution and privilege escalation vulnerabilities affecting popular instant messaging and email applications.
(Security Affairs – Tor Browser, bug bounty)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.