Earn $1.5 million by remotely jailbreaking iOS 10

iOS is harder to crack than Android, but the demand is high.

Exploit prices

A year ago, vulnerability broker Zerodium made the headlines when it offered a stonking one million dollars to anybody who could come up with a zero-day remote exploit for iOS 9. Sure enough, someone came up with the goods: a browser-based, untethered jailbreak for iOS 9 using a zero-day vulnerability.

Of course, Zerodium wasn't being altruistic. It offers huge prizes to vulnerability researchers if they can find ways to crack into operating systems, because they know that those exploits can then be sold on (at profit) to governments and intelligence agencies. Zerodium's customers then use them to spy on suspected criminals, terrorists, foreign nations and other people they want to keep tabs on.

Who loses out? Well, we all do - apart from Zerodium, the intelligence agency and the guy who picks up the pay cheque. Zerodium doesn't share details of the exploit with vendors like Apple, Google, Microsoft or Adobe who might be able to fix the security hole to make our devices and communications safer.

Of course, the likes of Apple, Google, and others do offer bug bounties for researchers who wish to share details of their vulnerability discoveries responsibly, and want to see them fixed for the increased safety of all of us. But the tech companies don't come anywhere close to offering the same kind of monetary reward as Zerodium.

So, if you had a zero-day vulnerability for remotely hacking an iPhone would you tell Apple or Zerodium?

The good news is that it's not quite as black-and-white choice as the sheer monetary rewards would suggest. Many of the folks who uncover security holes in software feel passionately about what they are doing, and the importance of privacy. Even with Zerodium offering such huge sums of money, they may find the idea of their exploit being used by an oppressive government to spy upon its citizens too big a price to pay.

Zerodium needs exploits, however, for its eager customers. And so it has upped its rewards even further. It's offering $1.5 million to anyone who can come up with a working remote iOS 10 jailbreak vulnerability.

The prices aren't as high if you can do something similar on Android. The bounty for that has doubled, increasing to $200,000, emphasising that Android is not only an easier nut to crack, but also that there is simply a greater demand for ways to spy upon users of Apple iOS devices.

Tags: , , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , , ,

5 Responses

  1. Bob

    September 30, 2016 at 12:53 pm #

    I'm a fan of responsible disclosure but, as others have said, companies like Apple offer a paltry reward program – $250,000. Not that much if the ethical hacker has a family to feed and he's spent many months working on a vulnerability. It's a risky business because somebody else may find the vulnerability before you and you'll get nothing.

    A couple of other points from a Twitter exchange worth mentioning (about their $250,000 bug bounty):

    "From Apple, that’s if you are accepted into the currently invite-only program – and they could easily say out of scope."

    "If it doesn’t fit there scope, you don’t get paid, but the bug will be fixed – meaning you don’t get a cent."

    https://twitter.com/netik/status/781585006434983936

    On the other hand you can sell to Zerodium, there's no need to be offered an 'invite-only' place, you're guaranteed to get paid and you earn $1.5 million (or £1.2 million).

    It's a no-brainer really… and it's Apple's fault.

  2. Michael Ponzani

    September 30, 2016 at 3:34 pm #

    Are you sure it's one million, 5, and not $12.50? I could find that $12.50 in coin while walking my dog. Apparently, according to Bob, Apple has found a way to weasel out of even that small amount if you are not in their invite only clique. Oh well, Steve Jobs was a harsh master. <Heinlein pun. If they really do pay the 1.5 mill then…..YAHOO!

  3. David L

    September 30, 2016 at 5:20 pm #

    It's not just the fact that Apple only recently started to reward researchers, but they have treated these people with contempt for years. Just ask Johnathan Zdziarski about that, when only two years ago, he gave his presentation at Blackhat USA, about the "backdoors" in IOS 8.x What he did to/for Apple, is what Snowden did to/for the world of security. Apple barely gave credit to him, and he was viciously attacked by the "fanboy press" tech journalist. Finally, some after interviews by the likes of "elreg" (the register) and some long blog posts by Johnathan, told the whole tragic episode. But, Apple was forced into beefing up security.
    His website: www.Zdziarski.com
    You can find lots of information on a wide range of other security related subjects, but he is a forensic specialist on Apple ios.

    Now, as for Android being less rewarding to hack, I think that's because there are way more researchers for that system. But, rooting is a common thing, and by design, a more open system. Although Google too has beefed up security over the last couple years, they still have a ways to go.

  4. x94

    September 30, 2016 at 10:10 pm #

    someone has 1.5mil now because there will be a hacker out there that can do it.

    • Bob in reply to x94.

      October 1, 2016 at 9:09 pm #

      It's already been done ;-)

Leave a Reply