An anonymous team has claimed a $1 million bounty for zero-day exploits in iOS 9.1 and the 9.2 beta, potentially allowing someone to jailbreak an Apple device over the Internet.
The bounty was offered by Zerodium, a startup marketing itself as the "premium zero-day vulnerability and exploit acquisition program." It was first announced on Sept. 21, but only claimed this weekend — hours before it was set to expire, Zerodium founder Chaouki Bekrar told Motherboard.
Rules stated that the hack had to come through Safari, Chrome, or an SMS or MMS message. This is said to have made the bounty particularly complex, demanding a string of undiscovered bugs, and as late as mid-October two teams were blocked by the same problem.
The winning team used a combination of Chrome and iOS vulnerabilities to create a browser-based jailbreak, which is still being double-checked to make sure it meets the bounty's terms. Bekrar declined to offer any details about the technique, or whom he intends to sell it to.
Zerodium is reportedly geared toward selling to government customers, however, and its predecessor, VUPEN, previously counted the U.S. National Security Agency as a client.
That could mean the NSA and/or other government organizations will be able to circumvent iOS 9's security safeguards, such as full-disk encryption, and install eavesdropping apps or simply sabotage a device.
Bekrar suggested, however, that Apple will likely patch the related iOS holes in "a few weeks to a few months," and that the bounty is actually a credit to Apple's work.
"This challenge is one of the best advertisements for Apple as it has confirmed once again that iOS security is real and not just about marketing," he said. "No software other than iOS really deserves such a high bug bounty."
Remote jailbreaks have become a rarity with iOS, the last known technique being available for iOS 7.
Good luck with the remote jailbreak. I no longer believe in this. Since iOS 7, no remote jailbreak has ever happened. 9.1? I doubt it.
[quote name="sog35" url="/t/189911/team-claims-1-million-bounty-for-remotely-jailbreaking-ios-9-1-9-2#post_2800936"]No device can be 100% jailbreak proof as long as it connects to the internet. It's all about the probability of a successful attack. At this point Android is 100x more vulnerable. [/quote] Why [B]can[/B] it not be jailbreak proof? Or are you referring to practically, rather than theoretically?
Not sure why they would boast about the hack if they couldn't actually do it, except great publicity, who knows if they have actually done it?
If they have, can they truly hack a remote phone, or do they need a local user to do something special first?
[quote name="Right_said_fred" url="/t/189911/team-claims-1-million-bounty-for-remotely-jailbreaking-ios-9-1-9-2#post_2800954"] Not sure why they would boast about the hack if they couldn't actually do it, except great publicity, who knows if they have actually done it? If they have, can they truly hack a remote phone, or do they need a local user to do something special first? [/quote] At the very least it appears they need Chrome installed. Not sure what else and what settings.
I caught that as well...and that should nicely limit it as I doubt many people will load Chrome on their iOS devices...