Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
Meta Wants to Preempt Cyberattacks and Offers Million-Dollar Reward for Showing Zero-Click Vulnerability on WhatsApp During International Contest in Ireland.
The company Meta, owned by mogul Mark Zuckerberg and owner of WhatsApp, is offering an unprecedented prize of US$ 1 million (about R$ 5.5 million) for anyone who can prove a critical security flaw in the world’s most used messaging app. The challenge is part of Pwn2Own Ireland 2025, one of the largest international cybersecurity contests, which will take place from October 21 to 24 in the city of Cork, Ireland.
The competition, organized by the Zero Day Initiative (ZDI) with direct support from Meta and companies Synology and QNAP, aims to discover vulnerabilities before they are exploited by real criminals. The main focus will be to find zero-click vulnerabilities in WhatsApp — those that do not require any action from the victim for an attack to be successful.
What Is a “Zero-Click” Vulnerability — and Why Is It So Dangerous?
Unlike traditional attacks that rely on user interaction — such as clicking links, downloading files, or opening suspicious messages — flaws known as zero-click are especially dangerous because they require absolutely no action from the victim.
-
A Brazilian college has created a blood test that identifies breast cancer with 95% accuracy before the tumor appears and has already tested it on 1,200 women…
-
South Korea will mass-produce a laser that takes down drones for less than R$ 8 per shot, and the test results showed a success rate of 100%…
-
Ruby- and sapphire-like stones have been found on Mars in the Jezero crater, 3.9 billion years old, following analysis by the Perseverance rover, sparking a new race for answers.
-
NASA astronauts create an optical illusion by “holding” the Cygnus XL spacecraft with their own hands aboard the ISS.
In a zero-click attack scenario on WhatsApp, for example, simply receiving a malicious message is enough for the victim’s phone to be compromised. This allows hackers to take control of the device, access personal data, spy on conversations, activate cameras or microphones — all without the user noticing.
According to the contest organizers, the specific category of the million-dollar prize requires researchers to demonstrate remote code execution (RCE), meaning they must prove it is possible to take control of the victim’s device invisibly, using only WhatsApp.
Million-Dollar Prize Reinforces Urgency to Preempt Risks
The amount of US$ 1 million offered by Meta is one of the largest ever paid in cybersecurity contests and represents a shift in posture in the face of the growing sophistication of digital threats. In a world where over 3 billion people use WhatsApp daily, a critical flaw presents a global risk — both for ordinary users and for governments, businesses, and even military operations.
The choice to offer such a generous reward aims to attract the best experts in the world, including ethical hackers and university researchers, to work towards prevention — before criminals discover these same vulnerabilities.
According to the Zero Day Initiative, the previous edition of Pwn2Own revealed over 70 unprecedented vulnerabilities, totaling more than US$ 1 million in prizes, with special mention of the team Viettel Cyber Security, which alone earned US$ 205 thousand by demonstrating flaws in popular devices.
More Categories, More Complexity, and New Technical Challenges
In addition to WhatsApp, Pwn2Own Ireland 2025 will feature seven other categories, including hacking smart home devices, cloud storage systems, smartphones, and wearable technology, such as Meta’s Ray-Ban smart glasses and Quest 3 headphones.
This year, the mobile devices category has been expanded to include exploitation attempts via physical USB port, meaning researchers will also be challenged to hack locked phones through direct connection, without the internet, Bluetooth, or Wi-Fi.
The event will also target systems from Synology, QNAP, corporate printers, and other devices widely used in both residential and business environments. The idea is to map the entire chain of possible attack vectors in today’s digital landscape.
A Message from Meta and Mark Zuckerberg: Security Is Priority
Meta’s decision to directly participate in financing the top prize reflects a growing concern for the reputation and security of WhatsApp, especially at a time when governments, intelligence agencies, and journalistic organizations warn about the political and military use of messaging platforms.
It’s worth noting that WhatsApp has previously been targeted for exploitation by advanced spyware, such as the notorious Pegasus, which used exactly this type of zero-click flaw to invade the devices of journalists and activists in various countries.
With the contest, Meta aims to reinforce its image as a company concerned with user security, adopting a proactive and collaborative stance with the global cybersecurity community.
Expectation Is for Record Participants and Discoveries
The 2025 edition promises to be the most competitive in Pwn2Own history. With the million-dollar incentive, experts from around the world are expected to mobilize to try to breach one of the most popular and protected applications in the world. Even smaller flaws — outside the main category — will have attractive prizes, and all results will be forwarded to the responsible companies, with fixes anticipated before any public disclosure.
The contest also fosters knowledge exchange and advances research in digital security, maintaining the spirit of what is called “ethical hacking” — where the objective is not to cause harm but to strengthen the global digital ecosystem.
-
-
5 pessoas reagiram a isso.