Comment by MuffinFlavored

2 years ago

> 2-3 million dollars is not “amazing”.

I don't know. $2-3m for reading code in Ghidra and throwing stuff at a wall until something sticks? Maybe some fuzzing, etc.

I get that you theoretically could find an exploit that, for example, you send to 100 known wealthy people, and with it you steal saved cookies + device IDs from financial apps and then try to transfer their funds/assets to an account you control but...

Could you really pull that off 100 times before Apple catches on?

I guess you could... easily... now that I think about it.

This has the (un)fortunate consequence of being illegal. Writing exploits and selling them to a friendly government, on the other hand, is totally legal. Plus, then you can sell support contracts for that sweet recurring revenue!

  • This also makes you a target for enemy services (for enabling "friendly government") and friendly services for being a potential whistleblower.

    Quite the cost in my eyes...