Zerodium To Pay $1 Million For Exploit That Breaks iOS 9's Enhanced Security
Zerodium, a zero-day vulnerability company that specializes in buying and selling exploits, announced that it will offer a record-breaking $1 million for a full iOS 9 browser-based exploit delivered to it by October 31. The company will be able to offer up to three such prizes for a total of $3 million.
Zerodium was created by Chaouki Bekrar, the founder of VUPEN, a company akin to the Hacking Team, which created its own exploits and then sold them to the highest bidder (even if that was a country that often uses such exploits to violate human rights).
After the Hacking Team hack and all the media and political attention that came with it, the founder of VUPEN decided to focus on only buying and selling premium exploits instead of developing them.
His new firm, Zerodium, now wants to focus on getting unique iOS 9 exploits and is willing to pay $1 million for up to three such exploits. The amount is 10 times more than what the company usually pays for a mobile vulnerability.
The reason Zerodium is willing to pay this much is in part because it must have also realized it would garner much attention from zero-day vulnerability developers, but also in part because iOS 9 comes with many security enhancements and patches, which make it much harder to exploit.
The company had the following to say about its motives for the new exploit prize:
“Apple iOS, like all operating systems, is often affected by critical security vulnerabilities, however due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple's iOS is currently the most secure mobile OS. But don't be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here's where the Million Dollar iOS 9 Bug Bounty comes into play."
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Zerodium wanted an exploit that can beat the iOS 9 zero-day mitigations such as ASLR, sandboxes, rootless, code signing and bootchain. It also wants it to work on the latest version of iOS 9 at the time of delivery, and it should be able to allow installation of an arbitrary app such as Cydia.
The company also required that the exploit worked silently, without any interaction from the user other than loading a web page in Safari or Chrome, or receiving a media file in an SMS or MMS.
The announcement should get malware developers' attention, but also that of the media and governments, which are already working on an arrangement to increase the limitations they put on those who work with security vulnerabilities (which can also lead to negative consequences).
If Zerodium is willing to pay up to $3 million for three zero-day iOS 9 exploits, that could also mean that it already has one or multiple buyers that are willing to pay them back even more for these exploits. The likely candidates could be either other governments or criminal organizations.
The NSA, for instance, is known for buying such exploits regularly, and was even willing to pay "billions" for something that could break into Skype's former ultra-secure P2P architecture a few years ago. Of course, since then, Microsoft has already completely replaced Skype's P2P architecture with one that is more centralized and more mobile-friendly, but also more wiretap-friendly.
Now that Zerodium has made this announcement, it could also make Apple's security engineers even more vigilant about the security architecture of iOS, and they may work even harder to fix whatever flaws it may have left in it. The data of hundreds of millions of iOS 9 users could be at risk.
Follow us @tomshardware, on Facebook and on Google+.
Camouflage eSports monitors launched by JAPANNEXT – but you probably won't see them in stores
Zero-day Windows NTLM hash vulnerability gets patched by third-party — credentials can be hijacked by merely viewing a malicious file in File Explorer
Russian Ex-ASML employee indicted for stealing critical trade secrets — currently in custody, faces 20-year Netherlands entry ban
-
derekullo The even scarier side to this is they don't ask for Microsoft Edge based exploits.Reply
This gives the impression that either they already have enough Edge exploits to sell or that they are so many exploits in Edge that it is not worth trying to sell. -
bookwormsy The even scarier side to this is they don't ask for Microsoft Edge based exploits.
This gives the impression that either they already have enough Edge exploits to sell or that they are so many exploits in Edge that it is not worth trying to sell.The even scarier side to this is they don't ask for Microsoft Edge based exploits.
This gives the impression that either they already have enough Edge exploits to sell or that they are so many exploits in Edge that it is not worth trying to sell.
Or because Microsoft Edge isn't available on iOS 9? -
chicofehr It would be great if ransomeware could be made that works on iphones that are not jail broken. I don't like iphones if you want to know.Reply -
agentbb007
Or Google Chrome, or Firefox why pick on MS Edge? I think they are targeting iOS 9 so the obvious choice of attack is the default browser iOS 9 uses.16662475 said:The even scarier side to this is they don't ask for Microsoft Edge based exploits.
This gives the impression that either they already have enough Edge exploits to sell or that they are so many exploits in Edge that it is not worth trying to sell. -
derekullo Every new windows 10 computer will have Microsoft Edge.Reply
Therefore you already have a growing population base.
-
royalcrown IT WOULD BE GREAT IF SUPPORTING RANSOMWARE MAKES YOU A DOUCHE BAG.Reply
It would be great if ransomeware could be made that works on iphones that are not jail broken. I don't like iphones if you want to know.