Security firm offers $1 million bounty to anyone who can remotely jailbreak iOS 9

A call to arms to blackhats and whitehats alike

The market for zero-day security exploits has grown quite robust these days, with firms offering top dollar to those who discover and report the security-crushing bugs that have slipped past the quality assurance phase of their products and services. Some firms, such as Google, offer a minimum bounty of $500 and a maximum of $20,000. Zerodium, on the other hand, is offering a whopping $3 million to three researchers who discover zero-day exploits for Apple’s iOS 9.

More to the point, Chaouki Bekrar, CEO of Zerodium and Vupen, will distribute a $1 million bounty to each person who creates and submits an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9.” To be eligible for the prize money, applicants must successfully crack an iPhone 6 or 6S using Apple’s Safari, Google’s Chrome, or a text message, similar to the Stagefright hack that threatened Android phones earlier this summer.

Make no mistake, this is a massive feat capable of cheating app developers out of far more than $1 million if exploited in the name of piracy, so offering blackhats this much money makes complete sense, especially because Zerodium can legally sell the vulnerability back to Apple for even more money.

Such practices are often equated with blackmail and frowned upon, as companies that do not pay are left to wallow in their vulnerabilities and, by extension, leave their users exposed. In spite of the criticism, the market for iOS vulnerabilities is especially booming, with prices for iOS jailbreaks going for at least a million dollars.

Bekrar mentioned to Forbes that his firm pays nearly $100,000 to $150,000 a week for outsourced exploits and zero-days: “we have … paid for a fair amount of exploits in Internet Explorer, Chrome, Firefox, Flash, Office and Android.” Bekrar explains that had Joshua Drake, the man responsible for disclosing Stagefright to Google, submitted his findings to Zerodium, he’d have been rewarded $100,000, far more than Google’s $20,000 cap.

Participants have until October 31st to submit their findings.

Source: Forbes
