Hack iOS 10, Get $1.5 Million
Reader Trailrunner7 writes: The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.
The question is: which ones?
CIA? NSA? FBI?
KGB?
If you sell to them, you're a weapon dealer of the shadier kind. You'll help oppressive regimes to jail dissidents.
Short answer: ALL of them. Governments have become the Great Enemy.
Given the FBI complaining about its encryption, this bug bounty, etc., the general impression (and yes, it might be wrong) is that the iOS platform is pretty secure.
So how secure is Apple in terms of physical security, employee security, etc?
You would think the next level of attack would be the HQ itself -- getting somebody inside, either secret agent style or compromising an Apple employee somehow.
Are people who work on iOS device security watched 24/7 by security themselves? Do they work in some kind of high security vault? Is the guy pushing the mail cart actually a deep cover FSB agent?
If you work for Apple on iOS security do you think twice when some pretty girl at the bar starts talking to you, especially if she says her name is Natasha?
Why wouldn't they? At a minimum, modern governments have an obligation to protect their constituents from espionage, and in some cases that means using software exploitation to gain the upper hand.
If the goal is to protect constituents from espionage, I argue that they'd be more effective in this task if they took exploits to the various vendors and convinced/helped them close the holes.