
Somebody Just Claimed a $1 Million Bounty for Hacking the iPhone


Reefa


Apple devices are widely considered extremely secure and hard to hack. But as the internet adage says, everything can be hacked—even the new iPhone.

Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities.

The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple’s mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message.

This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs, not just one, according to Patrick Wardle, a researcher that works at security firm Synack. For example, the Chinese white hat hacking team Pangu already found a way to jailbreak the new iPhone, but that method didn't work remotely.

In other words, it wasn't an easy challenge. In fact, in mid October, Bekrar told Motherboard that nobody had claimed the prize yet, even though Zerodium was in contact with two separate teams working independently. But both, he said, were “stuck” and couldn’t get around the same hurdle.

“Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak,” Bekrar told me via Twitter direct message, adding that he was mulling over the possibility of extending the challenge.

Eventually, however, one of the teams found a way. Bekrar didn’t answer Motherboard’s request for comment.

If true, this is a considerable feat. No one had found a way (at least that’s publicly known) to jailbreak an iPhone remotely for more than a year, since iOS 7.

Many tech companies in the last few years, such as Facebook and Google, have launched bug-bounty programs, offering rewards to friendly hackers who find vulnerabilities and disclose them to the company so that they can get fixed. There are also several bug bounty middle men, such as HackerOne and Bugcrowd, who act as platforms for crowdsourced bug-hunting. (Apple does not offer a bug bounty program.)

Bekrar and Zerodium, as well as its predecessor VUPEN, have a different business model. They offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such as the NSA.

Bekrar declined to identify the team that won the prize, as well as details about the exploits they found. He also declined to say how much he is planning to sell this exploit for.

But there’s no doubt that for some, this exploit is extremely valuable. Intelligence agencies such as the NSA and the CIA have run into problems when trying to hack into iPhones to spy on their targets, and the FBI has publicly complained about Apple’s encryption for months. This exploit would allow them to get around any security measures and get into the target’s iPhone to intercept calls, messages, and access data stored in the phone.

A source, who used to work for the NSA, told Motherboard a few weeks ago that $1 million is actually a good price for such an exploit, because “if you sell it to the right people” you can fetch much more.

Apple did not respond to a request for comment.

Some experts, in any case, were not surprised that somebody claimed the prize—although one researcher is skeptical that Zerodium will actually follow through on its promise. “Finding a suitable exploit isn't shocking...seeing them actually pay out will be,” independent security researcher Jonathan Zdziarski, who has done research on Apple devices for years, told Motherboard in an email. “Isn't the prize a million dollars? I'm not sure anyone really believes it until they see it. But props if they do.”

Wardle, the director of research at Synack, a firm that acts as a middleman connecting its customers to security researchers, said a few days ago that with every new release, Apple fixes “a ton of security issues,” which means Apple’s iDevices aren’t by their own nature impossible to hack.

“Apple’s OS isn’t necessarily more bug-free than other [operating systems],” Wardle told me.

And now, thanks to an unknown group of hackers, we know that’s true.

motherboard.vice.com


ha ha

Stagefright says hello if you think Android is better. Someone almost certainly has a 0-day of larger scale.

All these OS have private zero days. This company just wants to dick wave and potentially even lie about the 0-day.




So no OS that bug free. :lol:
