A hacking group is claiming $1 million in bounty for remotely jailbreaking Apple’s latest iOS 9 operating system. Unlike Android, iOS is much more sophisticated in terms of security. That’s why a startup firm by the name of Zerodium set up a bounty to find a way of remotely jailbreaking the new iPhone or iPad running Apple’s latest software (which at this point is iOS 9.0 and 9.2b).
However, according to the terms and conditions, the initial exploit had to come through Safari, Chrome, or a text or multimedia message. This ultimately meant that the individual who had undertaken the challenge had to find not one, but a series of unknown zero-day bugs, and that too remotely.
Chinese hacking team Pangu, which is notorious for jailbreaking the new iPhone, might have achieved this feat, but it was not carried out remotely, meaning that they didn’t qualify.
During the month of October, founder of Zerodium, Chaouki Bekrar stated that no one was able to complete the challenge, although the firm was currently in contact with two teams that were working independently at the time. According to Bekrar:
Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak.
Since iOS 7, no one has been able to remotely jailbreak an iPhone. Until now that is. Bekrar has not divulged details concerning the team that won the prize, and kept details concerning the exploits to himself. He did not comment on how much he plans on selling the exploit for himself, but we can expect that it is very lucrative venture that he has setup for himself.
It’s expected that Zerodium will sell the exploit to governments or agencies like the NSA
Despite the fact that Apple’s iOS operating system is quite secure, there is no such thing as unhackable these days. And we are sure there are plenty of government agencies like the NSA willing to pay top dollar for such an exploit.
Tech giants like Google and Facebook have bug-bounty programs which offer rewards to individuals and teams who can find vulnerabilities and tell them to the company so that they a patch can be rolled out for it. Apple, at this current point, does not offer a bug-bounty program, but the California based tech company should really look into it, as it will help secure its desktop and mobile platform even further.