back to article Wanted alive: $1m for an iOS 9 bug to hijack, er, jailbreak iThings

Exploit traders Zerodium will pay a million dollars to anyone who finds an unpatched bug in iOS 9 that can be exploited to jailbreak iThings – or compromise them. The $1m (£640,000) bounty will be awarded to an individual or team that provides a working exploit to achieve remote code execution on an iOS device via the Safari …

  1. Anonymous Coward
    Anonymous Coward

    Can't make back a million for a 'jailbreak'

    I doubt (hope?) there are not too many people dumb enough to pay for some shady malware traders to remotely break into their device to jailbreak it! That's like taking your house key down to the local prison and handing it to some random guy getting released today along with a $100 bill, asking him to fix the lock on your front door.

  2. Your alien overlord - fear me

    Wonder if any NSA staff are thinking....

    1. Tim99 Silver badge
      Black Helicopters

      TLAs

      As it says on their website that their customers are governments (spooks) and corporations, the NSA probably knows exactly what to think.

  3. Sandtitz Silver badge

    What?!

    Isn't it Apple's job to offer bounties for security exploits in their products?

    Since each IOS version has had security exploits granting root rights to jailbreak (or to just install malware), I think Apple should offer big money for these jailbreak enabling exploits and for each exploit deny free coffee from the IOS coding team. (cruel and unusual punishment?)

    Also, why isn't Apple using signed bootloader like Winphone or some Androids? AFAIK, none of those devices have been jailbroken.

    1. Chairo

      Re: What?!

      why isn't Apple using signed bootloader like Winphone or some Androids

      The goal of IOS jailbreaking is not to install another OS. It is about patching the system in order to enable apps to run without signature and with root rights.

      This way you can run apps that Apple disapproves of (like emulators) and enable settings and functions that would otherwise be blocked.

      Oh, and yes, since IOS 6 (IIRC) they also use a signed bootloader. Part of the signature is the serial number of the device, so you need to obtain a key from Apple to reflash. And Apple only provides this key for the latest IOS version, making it impossible to fall-back to a earlier IOS version, if the new version turns out to be an ugly bundle of bugs that even makes you sick (like early IOS7 did). That might be one reason, why people hesitate to update their IOS devices, lately.

      1. Sandtitz Silver badge

        Re: What?! @Chairo

        "Oh, and yes, since IOS 6 (IIRC) they also use a signed bootloader."

        I stand corrected. Thank you.

  4. Velv
    Pirate

    OK, call me cynical, but you uncover an exploit and criminals are going to pay you a million dollars for it. And your confidence in receiving the money is how high?

    1. Anonymous Coward
      Anonymous Coward

      you uncover an exploit and criminals are going to pay you a million dollars for it. And your confidence in receiving the money is how high?

      I think the crims in question are the Five Spies network. They'll pay, so long as Zerodium have qualified as a framework supplier, filled in the NDA, carried out a health & safety assessment, completed a carbon emissions report etc etc.

      But even if they were selling to less official criminals, I'd still expect those people to pay, because crims never trust anyone, and so long as no bullets are exchanged that means escrow accounts, proof of merchandise, and trusted intermediaries. If Zerodium have anything about them, of course they'll be selling the same exploits to Five Spies, China, Russia, and an assortment of piss-pot third world dictatorships. Then they'll sell the same stuff to hacker groups. And once they've done those, then they offer it to Apple.

      In this respect, the intellectual property of code exploits enjoys a separate life to the software upon which it lives, although the business model is the same - develop the IP once, sell repeatedly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like