News
News Categories

Hackers claim US$1 million bounty for remotely jailbreaking an iPhone

By Koh Wanzi - on 3 Nov 2015, 1:57pm

Hackers claim US$1 million bounty for remotely jailbreaking an iPhone

Someone just claimed the million-dollar bounty behind Zerodium's iOS 9 exploit challenge.

A team of hackers just claimed the US$1 million bounty offered by startup Zerodium, a platform that acquires zero-day exploits and sells them to its customers.

Zerodium’s challenge required hackers to find a way to remotely jailbreak a new iPhone or iPad that was running iOS 9.1 and 9.2b, the latest versions of Apple’s mobile OS, which would then allow attackers to install any app with full privileges. If the staggering million-dollar bounty wasn’t indication enough, this is no easy feat. 

To make things harder, Zerodium specified that the initial exploit had to come through Safari, Chrome, or a text or multimedia message. This meant that it was not enough to find just one zero-day vulnerability, and hackers had to effectively identify a series of unknown exploits. For instance, Pangu, a Chinese white hat hacking team, had earlier found a way to jailbreak the new iPhone, but they didn’t qualify for the bounty because their method required physical access to the phone.

According to Chaouki Bekrar, Zerodium’s founder, hackers needed to find at least two or three vulnerabilities in order to perform the jailbreak remotely. The winning team barely qualified for the bounty, submitting the exploits only a few hours before the challenge was set to expire. They reportedly discovered exploits in Chrome and iOS, which allowed them to achieve a “remote and full browser-based (untethered) jailbreak”, in the words of Bekrar.

The last time someone discovered how to remotely jailbreak an iPhone was over a year ago, with iOS 7.

While news of the hackers’ success may seem like bad news for Apple, it’s actually quite the opposite. As Bekrar points out, it is essentially free advertisement for Apple, and proof that iOS security is one tough nut to crack. Of course, there's no forgetting that Zerodium will probably be able to sell the exploit for more than it is paying out.

Source: Motherboard

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.