An Android smartphone is now more difficult to hack than an iPhone, says Zerodium, a company specializing in buying and selling computer attacks. According to this firm, Google has been able to make significant improvements to Android security with each major new update over the years. Apple smartphones, on the other hand, suffer from serious security vulnerabilities identified in iMessage, the instant messaging protocol, and Safari, the default integrated web browser.
Zerodium has just updated its price list for the purchase of a piracy method. Now, a hacker who develops a trick to hack into an Android smartphone without owner interaction is paid up to $2.5 million. A similar process to hack into an iPhone is worth only $2 million. The situation was quite different one year ago. At the time, Android smartphone hackers could only expect $200,000.
Safari and iMessage Apps are vulnerable according to Zerodium
Zerodium found the opposite trend on iOS. “We have remarked an increase in the number of iOS operating chains in recent months, mainly within Safari and iMessage, developed and sold by researchers around the world. The market for iOS is flooded,” explains the CEO.
This summer, Google Project Zero discovered 4 implementations of 5 critical vulnerabilities recently discovered on iOS. These breaches made it possible to hack the iPhone remotely by sending a simple message via iMessage. Apple quickly fixed the vulnerabilities through an update.
“In response to these new technical challenges related to Android security and our observation of market trends, we believe it is time to give the highest bonuses to Android exploits until Apple improves iOS security and strengthens its weakest sections, iMessage, and Safari,” concludes Zerodium’s CEO. Not surprisingly, Google agrees with this. In early 2018, David Kleidermacher, the man in charge of Android security, said that “it is now much more difficult for hackers to find a critical security breach in the Android system.” Despite past mistakes, Google has managed to mature its mobile OS.
Android vs. iOS: it’s now easier to hack into an iPhone
Many hackers nowadays offer methods to hack into an iPhone. As a result, the market for computer attacks on iOS is saturated. Most operating brokers like Zerodium have always focused on iOS. Indeed, most of the iPhone on the market are up to date. According to Apple, 85% of iPhones are running on iOS 12. This excellent adoption rate makes it easier for hackers. All they have to do is focus their efforts on a single version of the OS.
It’s the opposite on Android. Each manufacturer uses a different overlay and components. Similarly, not all Android smartphones have installed Android 10, Pie or Oreo, the latest 3 versions of the OS. In the end, the fragmentation of Android complicates the work of hackers. “Android security improves with each new version of the operating system, thanks to the security teams of Google and Samsung. It is, therefore, becoming very difficult and tedious to develop complete operating chains for Android, and it is even more difficult to develop methods that do not require any user interaction,” says Chouakri Bekrar.