Slashdot Mirror


Hack iOS 10, Get $1.5 Million

Reader Trailrunner7 writes: The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.

32 comments

  1. No problem! by npslider · · Score: 1

    Just give me the source code first! :)

    1. Re: No problem! by Anonymous Coward · · Score: 0

      OpenSSL and PHP are on the list at $50k. So have at it, but send it to me first to review before submission.

    2. Re: No problem! by npslider · · Score: 1

      I was hoping for the code for those cool new looking notifications on the iPhone lock screen... but I guess PHP or OpenSSL could suffice...

    3. Re: No problem! by Anonymous Coward · · Score: 0

      Riiiight. You ain't gonna do anything. Just another Slashtard flapping their lips.

    4. Re: No problem! by AlphaBro · · Score: 2

      If you actually had a chance, you wouldn't be talking about it here.

    5. Re: No problem! by Anonymous Coward · · Score: 0

      Mod Up!

      A lot of big-talking Slashtards like to make themselves out to be something kick ass when they're just really ass. I've seen this level of BS lies before. People who like to come off all hack or 1337 but haven't done shit in their lives. The likes of npslider are all bullshit artists.

  2. I have a sneaking suspicion by Spy+Handler · · Score: 1

    that gov't intelligence services are putting up that money.

    1. Re:I have a sneaking suspicion by npslider · · Score: 3, Insightful

      The question is: which ones?

      CIA? NSA? FBI?

      KGB?

    2. Re:I have a sneaking suspicion by NotInHere · · Score: 4, Informative

      It's pretty obvious that some of their customers are governments. Who else would be interested in Tor Browser exploits:

      https://www.zerodium.com/image...

    3. Re:I have a sneaking suspicion by Anonymous Coward · · Score: 3, Insightful

      Short answer: ALL of them. Governments have become the Great Enemy.

    4. Re:I have a sneaking suspicion by swb · · Score: 1

      Those are just the lesser branches of government. The parent government of all of them wants it.

    5. Re:I have a sneaking suspicion by Anonymous Coward · · Score: 0

      The ones you don't know exist.

    6. Re:I have a sneaking suspicion by AlphaBro · · Score: 1

      Why wouldn't they? At a minimum, modern governments have an obligation to protect their constituents from espionage, and in some cases that means using software exploitation to gain the upper hand. Of course, such powers can be abused, but all too often we choose to ignore their necessity.

    7. Re:I have a sneaking suspicion by Anonymous Coward · · Score: 2, Insightful

      > Why wouldn't they? At a minimum, modern governments have an obligation to protect their constituents from espionage, and in some cases that means using software exploitation to gain the upper hand.

      If the goal is to protect constituents from espionage, I argue that they'd be more effective in this task if they took exploits to the various vendors and convinced/helped them close the holes.

  3. Get ready for the bidder show off by NotInHere · · Score: 1

    Spoiler alert: the bad guys will win, as buying exploits is the only way they can do their business, while Apple still sells iPhones when there is a super secret vulnerability that gets used three times and that's it. They don't really care and only do the bug bounty program for PR reasons. And you can make more money with breaking into stuff than with selling stuff. Just look at the recent heists where part of the attack was social engineering, part of it was to manufacture emails to look like they came from management. Having access to management iPhones really helps here.

    1. Re:Get ready for the bidder show off by edtice1559 · · Score: 2

      Yes, but I don't risk going to jail selling the exploit. So if I could find this, I'd happily take the $1.5 million selling it legally rather than risk going to jail in order to try to get more. Hopefully by selling it, it would actually get fixed. I'd prefer to sell it to a bug bounty program administered by the vendor, though, so I don't have to worry about the moral consequences of the sale.

  4. Sell your soul by mseeger · · Score: 3, Insightful

    If you sell to them, you're a weapon dealer of the shadier kind. You'll help oppressive regimes to jail dissidents.

    1. Re:Sell your soul by ilsaloving · · Score: 3, Insightful

      At least until Apple patches the flaw. In the meantime, it's amazing how a large stack of cash can assuage one's guilt.

    2. Re:Sell your soul by Anonymous Coward · · Score: 0

      Not that I'm anywhere near good enough to do this (and especially not first), but that wouldn't bother me at all, honestly. Call me a shitty person, but I just have a hard time caring if a government in Africa or Asia or the Middle East or whatever is oppressing some dude that recently went out and bought an iPhone 7 by hacking his phone.

    3. Re:Sell your soul by edtice1559 · · Score: 1

      They are setting a price. You don't have to sell to them. But it gives you a starting point in negotiations. You could go to Apple and say you've found a remote jailbreak and the price on offer is $1.5 million but you want to take the moral high road so you'll sell it to them for $1.4 million. If they come back and offer you a measly $100k, you know they aren't negotiating in good faith.

  5. The Ghost Within.. by nanospook · · Score: 1

    I wonder who is funding this startup?

    --
    Have you fscked your local propeller head today?

  6. Is this proof by The-Ixian · · Score: 1

    Is this proof of iOS's security or does this correlate with the value of the holders of the iPhones? I could see it either way or both.

    The harder a platform is to crack, the higher the value of the exploit. But only if the users of that platform are valuable or there are economies of scale in play.

    iPhone is certainly not the most widespread platform, so then it must be the value of the targets... right?

    --
    My eyes reflect the stars and a smile lights up my face.

    1. Re:Is this proof by TopSpin · · Score: 1

      > Is this proof of iOS's security or does this correlate with the value of the holders of the iPhones?

      It's both. Apple has apparently hardened devices that are popular with high value targets to the point where remote exploits are now costly to obtain. The market is factoring in both of these properties.

      --
      Lurking at the bottom of the gravity well, getting old

    2. Re:Is this proof by 93+Escort+Wagon · · Score: 2

      Then you look at the bottom of the list, and see how little they'll pay for exploits of pretty much ANY web content management system (Drupal, Joomla, WordPress)... and, if you're unfortunate enough to be responsible for any of these, you go weep softly in a corner somewhere.

      --
      #DeleteChrome

  7. How secure is Apple itself? by swb · · Score: 3, Insightful

    Given the FBI complaining about its encryption, this bug bounty, etc., the general impression (and yes, it might be wrong) is that the iOS platform is pretty secure.

    So how secure is Apple in terms of physical security, employee security, etc?

    You would think the next level of attack would be the HQ itself -- getting somebody inside, either secret agent style or compromising an Apple employee somehow.

    Are people who work on iOS device security watched 24/7 by security themselves? Do they work in some kind of high security vault? Is the guy pushing the mail cart actually a deep cover FSB agent?

    If you work for Apple on iOS security do you think twice when some pretty girl at the bar starts talking to you, especially if she says her name is Natasha?

    1. Re:How secure is Apple itself? by TimMD909 · · Score: 1

      > If you work for Apple on iOS security do you think twice when some pretty girl at the bar starts talking to you, especially if she says her name is Natasha?

      Can confirm that talking to a girl named Natasha was a bad idea and should cause suspicion.

    2. Re:How secure is Apple itself? by Anonymous Coward · · Score: 0

      I knew a girl named Atasha. She was Jamaican and dumb as a bag of hammers. She was literally illiterate, hence .. problems...

  8. All of them by waspleg · · Score: 1

    obviously.

    It doesn't even matter since they will share/steal from each other anyway.

  9. $1.5M ? by LifesABeach · · Score: 1

    You now have my attention; damn, where's my white hat?

  10. wrong then right by Anonymous Coward · · Score: 0

    > Given ... this bug bounty, etc, the general impression ... is that the iOS platform is pretty secure.

    This bounty shows that iOS is *worth* more. If you pwn a $10 feature phone you'll get low-value targets. MS phone is worth less bc of low uptake. Android less bc versioning means lots of surface, and its distribution includes lots of cheaper, flakier, un-updateable phones. iOS is rich people.

    > people who work on iOS ... Natasha

    Early release of yet-unpatched vulns from internal compromise? That's a thing, sure.

  11. Legality? by Anonymous Coward · · Score: 0

    Shouldn't this be illegal somehow? Can Apple do anything to stop Zerodium from doing this? Or can Zerodium solicit for bugs in any system they want?

  12. Any remote exploit? by Anonymous Coward · · Score: 0

    Vectors could be NSF, Bluetooth, WiFi, OTA; how about when you attach it to a compromised PC running iTunes? Take a backup file of the device and hit that remotely?