Exploit broker triples iOS bounty to $1.5M, cites security improvements and demand

Zerodium, a well-known "bug broker," on Thursday announced a new $1.5 million top end limit for zero-day exploits targeting iPhones and iPads running Apple's latest version of iOS 10.

As reported by Ars Technica, Zerodium raised its bounty payout to reflect the stronger security protections introduced with iOS 10, Apple's latest mobile operating system, which launched on Sept. 13. The enhancements make the creation of remote jailbreaks more difficult, which by the law of supply and demand makes such exploits more valuable to those looking to bypass Apple's built-in protections.

In a somewhat controversial practice, Zerodium purchases chains of exploits and resells them to government agencies. The state actors in turn use the exploits to compromise target devices for surveillance purposes, the report said.

Last year, the firm offered three $1 million bounties for iOS exploits, later dropping the going rate to $500,000. By comparison, Zerodium this year doubled its bounty for Android exploits to $200,000.

"Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions," said Chaouki Bekrar, Zerodium's founder.

Commenting on why an iOS exploit is priced higher than a comparable Android bug, Bekrar said, "That means that iOS 10 chain exploits are either 7.5 times harder than Android or the demand for iOS exploits is 7.5 times higher. The reality is a mix of both."

Developers like Google — and as of August, Apple — operate bug bounty programs, though their prices are often much lower than the rates offered by brokers like Zerodium. This is to be expected, however, as brokers seek working exploit chains that can be marketed and ultimately deployed, while developers pay researchers for rough outlines and proofs of concept, the report said.

Apple's program, for example, offers a maximum payout of $200,000 for secure boot firmware components, with lesser amounts quoted for extraction of confidential material protected by the Secure Enclave Processor, execution of arbitrary code with kernel privileges, unauthorized access to iCloud account data, and sandbox escape bugs.

Though software developers are constantly looking for ways to stay one step ahead of hackers and other nefarious players, the exploit market is alive and well. Most recently, Apple's iOS was the target of a particularly nasty malware package called "Pegasus." A three-pronged attack, Pegasus bypassed iOS 9 security measures to surreptitiously jailbreak a victim's device and install a suite of monitoring software on it. Apple patched the attack vectors in iOS 9.3.5.