- The Washington Times - Tuesday, September 22, 2015

Apple’s newest mobile operating system has only been available for a few days, but hackers are already being offered a hefty sum in exchange for finding a way to break it

Security researchers who can find a way to crack into iOS 9, the system that comes standard on all new iPhones and iPads, are now eligible to win $1 million.

The iPhone maker isn’t the one offering the award, however. Zerodium, a security startup that bills itself as an acquisition platform for software vulnerabilities, announced this week that it’s putting a bounty on the line for iOS 9 exploits.

In a statement released Monday, Zerodium said it’ll pay out $1 million  to an individual or team that can provide an “exclusive, browser-based and untethered jailbreak for the latest Apple iOS.”

“Apple iOS, like all operating system, is often affected by critical security vulnerabilities, however due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS. But don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation,” Zerodium explained.

The company said Monday that it’s prepared to hand out three awards at $1 million apiece to researchers who can find a way to successfully exploit iOS 9. The attack must be launched either through a Web browser or via text message, and must rely on “a full chain of unknown, unpublished and unreported vulnerabilities.”

Zerodium was launched in July by Chaouki Bekrar, the founder of Vupen, a French exploit vendor that has previously held contracts with intelligence services run by the U.S. and German governments.

“iOS is the most secure mobile OS as of today … and Zerodium is buying all kinds of stuff, why not iOS?” he told Forbes this week.

“[T]here are many experienced researchers working on iOS exploits or stockpiling iOS zero-days for various reasons, and we believe that many of these talents will be attracted by the bounty and will definitely succeed,” Mr. Bekar added to Engadget.

Exploits for older versions of Apple’s iOS operating system have previously been bought by vendors in the same business as Vupen and Zerodium for $500,000, The New York Times reported.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide