We are Pwnables

Premium acquisition program only for mobile zero-day exploits and advanced mobile cybersecurity research.

About Pwnables

Pwnables is a premium mobile exploit acquisition program focused solely on exploit code for mobile platforms. We believe in paying appropriate financial rewards to support the work of independent security researchers.

"We pay BIG bounties, not bug bounties".

Payout Program

Our payouts for eligible zero-day exploits range from $25,000 to $1,500,000 per submission. The amount we pay researchers to acquire their original zero-day exploits depends on the popularity and security strength of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default component, process continuation, etc.). For more information, please read our FAQ. The payout ranges listed below are provided for information only and are intended for fully functional/reliable exploits meeting our highest requirements. We may pay higher rewards for exceptional exploits or research.

Category/Application | OS | Payout for RCE | Payout for SBX | Payout for LPE | Payout for RCE + LPE
0-click Remote Jailbreak/Root (persistence) | Android, Apple | - | - | - | Up to $1,500,000
Remote Jailbreak/Root (persistence) | Android, Apple | - | - | - | Up to $1,000,000
Gmail/Email | Android, Apple | - | - | - | Up to $500,000
SMS/MMS | Android, Apple | - | - | - | Up to $500,000
iMessage | Apple | - | - | - | Up to $500,000
WhatsApp/Telegram/Signal | Android, Apple | - | - | - | Up to $500,000
Facebook Messenger | Android, Apple | - | - | - | Up to $500,000
Viber | Android, Apple | - | - | - | Up to $500,000
Skype | Android, Apple | - | - | - | Up to $500,000
WeChat | Android, Apple | - | - | - | Up to $500,000
Chrome | Android, Apple | Up to $50,000 | Up to $100,000 | - | Up to $150,000
Safari | Apple | Up to $50,000 | Up to $100,000 | - | Up to $150,000
Opera/Opera Mini |  | Up to $50,000 | Up to $100,000 | - | Up to $150,000
Baseband | Android, Apple | - | - | - | Up to $150,000
Media Files | Android, Apple | - | - | - | Up to $150,000
Documents | Android, Apple | - | - | - | Up to $150,000
WiFi | Android, Apple | - | - | - | Up to $100,000
SS7 | Android, Apple | - | - | - | Up to $100,000
GSM (BTS) | Android, Apple | - | - | - | Up to $100,000
Bluetooth/NFC | Android, Apple | - | - | Up to $50,000 | -
Physical | Android, Apple | - | - | Up to $50,000 | -
Screen Lock (pin/fingerprint bypass) | Android, Apple | - | - | Up to $25,000 | -
PC | Android, Apple | - | - | Up to $25,000 | -

RCE: Remote Code Execution | LPE: Local Privilege Escalation | SBX: Sandbox Escape

Frequently Asked Questions

 

Who can take part in Pwnables?

We welcome all researchers, except those on the United Nations sanctions list, to take part in Pwnables.

What is the Submission Process of Pwnables?

If you have exploit code in one of the categories we are looking for:

1. Download our PGP key.
2. Send us a PGP-encrypted email with the following information:

a. Name of targeted software/hardware/platform.
b. Version and architecture (x86, x64, etc.) of targeted software/hardware/platform.
c. Type of vulnerability (e.g. infoleak, UAF, etc.).
d. Attack vector/scenario.
e. Success rate of exploit code execution (50%, 80%, 100%, etc.).
f. Time delay for exploit code execution (number of seconds).
g. Exploitation environment (default installation, privilege, user interaction, etc.).
h. Settings and/or configurations required for successful exploitation.
i. Any limitations or special requirements.
j. Your PGP key.

3. We will acknowledge your email and assess your initial submission.
4. If we are not interested in your initial submission, we will inform you via email within 2 weeks.
5. If we are interested in your initial submission, we will reply to you within 2 weeks with an initial offer.
6. If you accept our initial offer, you will send us, via PGP-encrypted email, the following information for our complete evaluation:

a. Fully functional exploit source code.
b. A detailed technical write-up of the exploit code.
c. A detailed technical write-up of the vulnerability.

7. We will acknowledge your email and evaluate your submission.
8. We may correspond with you for clarifications or more information.
9. We will make you a Final Offer within 2 weeks.
10. If the offer is accepted, payment will be sent in full within 1 week.

What kind of submissions is Pwnables interested in?

Operating Systems | Browsers | Applications | Devices
Android 7.x/8.x/9.x/10.x/11.x/12.x/13.x/14.x | Google Chrome | Gmail | Apple iPhone
Apple iOS 11.x/12.x/13.x/14.x/15.x/16.x/17.x | Safari (iOS) | WhatsApp | Samsung
- | Opera | Telegram | LG
- | - | Signal | Huawei
- | - | Facebook Messenger | Google
- | - | WeChat | Xiaomi
- | - | Viber | ZTE
- | - | Skype | Huawei
- | - | - | Sony
- | - | - | HTC
- | - | - | Motorola
- | - | - | Lenovo
- | - | - | Acer
- | - | - | Asus

Which types of vulnerabilities/exploits are eligible?

Pwnables is interested in critical vulnerabilities and in fully functional, reliable exploit code that leads to arbitrary code execution, privilege escalation, sandbox escape or leakage of sensitive information.

How much do we pay?

Payout details can be found above.

How do we pay you?

Payment will be made via bank transfer (local or international) or in cryptocurrency such as Bitcoin or Ethereum.

What about Privacy and Confidentiality?

We respect researchers' privacy. We will not disclose your identity or any of your personal information to third parties.

What do we do with your research?

Submissions acquired by Pwnables will be offered as part of Pwnables' security research offerings to legitimate government organisations and corporations.

Contact

Feel free to contact us for more details.