Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com)
citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."
The popcorn you are eating has been pissed in. Film at eleven.
Unlike the last drive-by exploit (jailbreakme.com, several years ago), this one won't be used to create a jailbreak for users. Instead, the company plans to keep it secret from Apple, selling it to nefarious organizations such as “major corporations in defense, technology, and finance”. I'm sure that also includes government organizations.
Lovely. If Apple had a bug bounty program, maybe the hacker would have sold it to them. Instead, their hubris sees them shut out, and their millions of users completely vulnerable.
Nope. The title and summary of this article don't stress the important point: that it's purely browser-based. Visit the wrong website and you're compromised. Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable. Thanks, Apple!
This story is just ludicrous. I mean come on, really.
-- Sent from my iPhone
**Buy penis enlargement pills and viagra CHEAP! www.haxorezhackedme.com/viagra1.asp
Surely an unknown zero-day remote exploit would be worth more than a publicized one?
If you are in the business of buying zero-days and selling to the highest bidder, it doesn't make sense to let Apple know that one is found. A much better approach is to require anyone claiming the bounty to keep quiet, so the buyer can use the zero-day for much longer before anyone notices.
Chrome on iOS isn't actually Chrome. All the rendering is done by Safari, since Apple's App Store rules don't permit 3rd party web renderers.
Consider Chrome on iOS to be 'safari with a shell that syncs bookmarks'.
The vulnerability appears to rely on Chrome though, not Safari.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Safari is an app. The Apple webview that Chrome and all other apps with webview use is built on WebKit.
A browser (such as Safari or Chrome) does a fair number of other things than bookmarks. And a webview isn't just a black box. It has callbacks to the app for all manner of events, and options.
If the exploit is specifically on Chrome and not Safari, then it's probably, but not definitely, Google's fault.
If the exploit requires Google code (Chrome for iOS) to be successful, how is it *not* Google's fault, at least in part?
It is to a degree, but the main point of a "sandbox" is to prevent an application's security vulnerability from compromising the whole OS. If the application is properly sandboxed then whether it is secure or not shouldn't matter with respect to the security of the OS.