Jailbreaks wanted: $1 million offered for iPhone hacks

22 Sep 2015

A spy agency is offering $1m to anyone who can hack the new iOS.

The cybersecurity firm Zerodium announced on Monday that it will reward $1 million to anyone able to crack Apple’s recently launched iOS 9 operating system, which the startup’s website claims is “the world’s most secure mobile OS.” “Apple iOS, like all operating system, is often affected by critical security vulnerabilities, however due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS,” the company stated in its blog post. “But don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.” Zerodium was founded this past summer by Chaouki Bekrar, a well-known merchant of zero-day exploits—or computer code that attacks previously unknown software vulnerabilities. As long as hackers have sold their secret hacking techniques known as zero-day exploits to government spies, they’ve generally kept that trade in the shadows. Exploit traders Zerodium will pay a million dollars to anyone who finds an unpatched bug in iOS 9 that can be exploited to jailbreak iThings – or compromise them.

Today it’s come into the spotlight with the biggest bounty ever publicly offered for a single such exploit: $1 million for a technique that can break into an iPhone or iPad running Apple’s freshly released iOS 9. The $1m (£640,000) bounty will be awarded to an individual or team that provides a working exploit to achieve remote code execution on an iOS device via the Safari or Chrome browsers or through an SMS/MMS message. The company just pushed out the latest edition of iOS last week, and it seems that, at the time of this writing anyway, no iOS 9 jailbreak is available yet.

Apple, which is often lauded for its tight security, did not immediately respond to Fortune’s request for comment. (In an unrelated incident that was a rare lapse for the company, malware-laced apps recently made their way into the company’s app store in China.) Bekrar also founded the controversial French cybersecurity firm Vupen, a brokerage built on the sale of computer bugs and exploits. Chaouki Bekrar, the founder of Zerodium, is infamous for founding the French hacking firm Vupen–which specializes in buying up zero-day exploits and selling them to governments. A lot of people are willing to pay cash to jailbreak their iGear, so there’s money to be made by packaging up the bug into a jailbreak tool – all you’d need to do is visit a special webpage in Chrome or Safari on iOS to trigger the installation. Both companies, however, rely on not disclosing their vulnerability findings to affected companies, such as Apple, Google, or Microsoft.

Wired’s Andy Greenberg reports: Bekrar’s past customers for such undisclosed hacking techniques have included the NSA as well as other NATO countries and “NATO partners” that Bekrar declines to name. Alternatively, someone could use one of these remote code-execution vulnerabilities to infiltrate people’s devices from across the internet, run malicious code, and spy on them. Apple has claimed that it is next to impossible to jailbreak iOS 9 and has been thwarting the attempts of jailbreakers by launching firmware updates for its OS without notice. When the so-called Stagefright vulnerability, which affected Google’s Android operating system, went public earlier this year, Bekrar said he would have paid the researcher who discovered the flaw $100,000 for it. Christopher Soghoian, chief technologist at the American Civil Liberties Union, has referred to such businesses as “modern-day merchants of death,” since it can be difficult to keep track of where sold exploits end up and just as hard to prevent them from falling into the hands of oppressive regimes. Bekrar declined to identify any of Zerodium’s potential customers, but he has previously revealed that they’re limited to certain government agencies.

Currently, only iOS 8.4.0 and any older version is jailbreakable, so if you updated to iOS 8.4.1 or iOS 9, you won’t be able to jailbreak your device. The zero-day trade industry is one which often operates out of the public spotlight, although a recent hacking of the Italian spyware firm Hacking Team helped expose some of its inner workings through leaked emails and other documents. Rather than report vulnerabilities in software to the companies that make it to help fix hackable bugs, Vupen develops hacking techniques based on those bugs and typically sells them to multiple government customers.

It took Apple only a couple of weeks to patch that jailbreak, however, so perhaps the company is getting better at plugging holes that could be exploited by jailbreakers before they have a chance to do so. His iOS bounty is no different: The terms of the offer include the demand that the bug not be reported to Apple or publicly disclosed, the better to allow Zerodium’s customers to use the technique in secret. For a full rundown of the rules and stipulations, see Zerodium’s website. “For obvious security reasons, ZERODIUM does not maintain any web infrastructure dedicated to zero-day submissions.

While Apple will presumably eventually find out about the remote-code execution flaws, and patch iOS to mitigate, Zerodium will give details of the exploits to customers of its Zerodium Security Research Feed Z-SRF for them to use as they see fit. All submissions to ZERODIUM must be achieved through encrypted emails,” the website states (where one might expect a submission form). “We reserve the right, at our sole discretion, to make or to not make an offer to acquire a vulnerability for any/no reason.” Katie Moussouris, chief policy officer at the bug bounty startup HackerOne, told Fortune via email that such high prices for zero-day exploits could cause problems for tech companies attempting to secure their products. “These are not generally sustainable reward levels for defensive markets,” she wrote, “due to the difficulty in maintaining the necessary developer and tester employees who might just leave their day jobs if bounties like this are more common.” The announcement should get malware developers’ attention, but also that of the media and governments, which are already working on an arrangement to increase the limitations they put on those who work with security vulnerabilities (which can also lead to negative consequences). But Bekrar doesn’t see Wassenaar as a serious obstacle to his new business, and points out that the arrangement has yet to be implemented in the United States. “We will comply with applicable regulations as any cybersecurity company,” Bekrar says. “Wassenaar adds a layer of paperwork but does not aim to prevent companies from conducting their businesses.” But Zerodium certainly isn’t the only willing buyer for an iOS exploit. Researchers estimate the attack, known as XcodeGhost, resulted in nearly 350 malware-laden apps being posted into the Chinese version of the App Store.

Of course, since then, Microsoft has already completely replaced Skype’s P2P architecture with one that is more centralized and more mobile-friendly, but also more wiretap-friendly. Now that Zerodium has made this announcement, it could also make Apple’s security engineers even more vigilant about the security architecture of iOS, and they may work even harder to fix whatever flaws it may have left in it.
