The Spying Eye Waiting in Every Device

Vanity Fair has a great piece about zero day exploits, the black market for selling them (to mostly governments, including repressive regimes), how they’re used to spy, and how the whole thing came to be. The story, which is quite long, is built around a particular piece of sophisticated spyware discovered by a couple of researchers, and Apple’s “engineering feat” that patched against the exploits in just ten days.

[Update: Added link to article – Editor]

The piece clocks in at more than 6,500 words, or roughly 6,000 words more than most people will read in today’s age of tl;dr. But boy, it’s a good read, and I encourage everyone to buckle down and gobble it up. Above and beyond the interesting info about security, this excellent piece of journalism helps highlight the need for end-to-end encryption and for companies like Apple to champion it.

Here are some snippets to whet your appetite:

By 2010 a true black market for zero days was emerging beyond the usual black market. The turning point came when a French company named Vupen began to offer bounties for zero days, reportedly as much as $250,000. Vupen insisted its aim was keeping software safe, though many doubted that its intentions were so noble. Companies such as Hewlett-Packard and Microsoft responded with bounties of their own. Though far less than what Vupen and others were paying, these bounties offered white-hat hackers a way to make money while keeping their ethics intact. In addition, as former hackers, they might also end up with lucrative consulting contracts.


Apple managed to issue a “patch” to fix the three zero-day exploits just 10 days after the call, an engineering feat that surprised many of those involved. An Apple spokesman declined comment, but a Silicon Valley security consultant who works closely with the company says, “Apple had never seen anything like this—ever. This was an incredibly sophisticated nation-state attack, kind of breathtaking in its scope. This took a herculean effort on their part to patch it so fast. It was Katy-bar-the-door over there.”


“What these cyber-arms dealers have done is democratize digital surveillance,” says the A.C.L.U.’s Chris Soghoian. “The surveillance tools once only used by big governments are now available to anyone with a couple hundred grand to spend.” In fact, they may be coming to your iPhone sometime soon.

Go read it.


Bryan, you should warn folks when you link to a page with a Yuuuge imbedded video that insists on downloading without being clicked on.

(It’s bad form. Really bad form, for webpages to imbed auto downloading videos!)

Rick Allen

Hi Bryan – I may be missing something. Did you include a link somewhere?


Hacking devices.
Today the German Spy chief warned about hacking in the upcoming German election.
Both parties in the American election had data hacked, the Democrats most famously.
There is suspicion that some voting systems were hacked.
Cyber espionage is rampant.
Before Russia moved into parts of Georgia, and Ukraine, and during tensions with Estonia, the respective countries found their cyber infrastructure partially or wholly disabled due to cyber attacks.

There IS a cyber war going on. The West, including companies, democratic institutions, and freedom-loving people are losing... badly.

Wake Up.