Hackers Claim Zerodium's $1M Bounty for Breaking into iPhone
By Dan Heilman / CRM Daily
It took more than a month, but an anonymous team of hackers finally claimed the $1 million bounty offered by cybersecurity startup Zerodium to hack the iPhone’s iOS 9 operating system. In mid-September, Zerodium offered a reward to an individual or team that created and submitted an exclusive, browser-based "jailbreak" for the latest version of Apple's mobile operating system and its devices.

The bounty was claimed over the weekend, according to Zerodium founder Chaouki Bekrar. Bekrar told Wired that the exploit developed by the hackers, who were not identified, will be given to one or more of Zerodium’s customers. The company’s client base includes technology and finance companies, as well as defense corporations and government agencies.

The contest required that the hackers carry out the winning exploit of iOS 9.1 or iOS 9.2 -- the latest versions of iOS 9 -- remotely, without any user interaction beyond reading a text message or visiting a Web site via Chrome or Safari on an iOS device. That meant uncovering not just one but a series of previously unknown zero-day bugs in the OS. Although jailbreaks for the new iPhone have been discovered previously, they haven't worked remotely.

No One Is Safe

We reached out to Rick Holland, an analyst at Forrester Research Inc., who told us that the overriding message of Zerodium’s bounty and the winning entry is that anything can be hacked if the hacker is determined enough.

"Anything that runs code is vulnerable and the potential economic gains dictate how likely the software is to be targeted," said Holland. "I don't think this bounty indicates there will be a major shift in cybercriminals targeting iOS; they have plenty of lower-hanging fruit that they can make significant returns on."

The contest, which closed at 6 p.m. EDT on October 31, offered a total payout of $3 million if more than one successful jailbreak was submitted. However, the winning team submitted its entry just hours before the deadline, Bekrar said.

To the Highest Bidder

The competition was unusual in that, unlike with other bug-bounty programs sponsored by such companies as Facebook and Google, Zerodium was never planning to share the details of the jailbreak with anyone but its clients. The company presumably will make its money back by selling the sensitive exploit information.

As a result, Zerodium said that it does not plan to report the vulnerabilities in iOS 9 to Apple. Bekrar said the company might share the details of the hack at some point in the future. The information won’t be provided to the general public, but the public will benefit from knowing that while the security features of Apple’s mobile OS are sound, they’re not invulnerable, according to Bekrar.

Zerodium counts among its clients the National Security Agency. The NSA and other intelligence agencies have reportedly struggled to hack into iPhones to spy on their targets, and the FBI has also publicly complained about Apple’s encryption. The exploit uncovered by this hacking team would presumably let those agencies sidestep security measures and get into their targets' iPhones to intercept calls, messages and data.

Recently, an anonymous former NSA employee told the Motherboard news Web site that $1 million is a good price to pay for the exploit submitted to Zerodium because presumably its resale value will be much higher if the right customer is found.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.