Slashdot Mirror


Hack iOS 10, Get $1.5 Million

Reader Trailrunner7 writes: The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.

6 of 32 comments

  1. Re:I have a sneaking suspicion by npslider · · Score: 3, Insightful

    The question is: which ones?

    CIA? NSA? FBI?

    KGB?

  2. Sell your soul by mseeger · · Score: 3, Insightful

    If you sell to them, you're a weapon dealer of the shadier kind. You'll help oppressive regimes to jail dissidents.

    1. Re:Sell your soul by ilsaloving · · Score: 3, Insightful

      At least until Apple patches the flaw. In the meantime, it's amazing how a large stack of cash can assuage one's guilt.

  3. Re:I have a sneaking suspicion by NotInHere · · Score: 4, Informative

    It's pretty obvious that some of their customers are governments. Who else would be interested in Tor Browser exploits:

    https://www.zerodium.com/image...

  4. Re:I have a sneaking suspicion by Anonymous Coward · · Score: 3, Insightful

    Short answer: ALL of them. Governments are become the Great Enemy.

  5. How secure is Apple itself? by swb · · Score: 3, Insightful

    Given the FBI complaining about its encryption, this bug bounty, etc, the general impression (and yes, it might be wrong) is that the iOS platform is pretty secure.

    So how secure is Apple in terms of physical security, employee security, etc?

    You would think the next level of attack would be the HQ itself -- getting somebody inside, either secret agent style or compromising an Apple employee somehow.

    Are people who work on iOS device security watched 24/7 by security themselves? Do they work in some kind of high security vault? Is the guy pushing the mail cart actually a deep cover FSB agent?

    If you work for Apple on iOS security do you think twice when some pretty girl at the bar starts talking to you, especially if she says her name is Natasha?