Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×

Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com) 100

citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants app with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."
This discussion has been archived. No new comments can be posted.

Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone

Comments Filter:
  • Looks like they just used the 9.1 jailbreak released a couple weeks ago and claimed the reward after reverse engineering it.
    • Re:Stolen Work (Score:5, Interesting)

      by Anonymous Coward on Monday November 02, 2015 @06:50PM (#50851797)

      Nope. The title and summary of this article don't stress the important point: that it's purely browser-based. Visit the wrong website and you're compromised. Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable. Thanks, Apple!

      • Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable.

        It might have been bought by the NSA, or other country's spy group.

        • by tsa ( 15680 )

          It might be bought by Apple so they can find out how to patch it.

    • There is no 9.1 jailbreak released. Jailbreak was released for up to 9.0.2 and with 9.1 Apple "fixed" it.

  • The popcorn you are eating has been pissed in. Film at eleven.
  • by Anonymous Coward on Monday November 02, 2015 @06:48PM (#50851781)

    Unlike the last drive-by exploit (jailbreakme.com, several years ago), this one won't be used to create a jailbreak for users. Instead, the company plans to keep it secret from Apple, selling it to nefarious organizations such as “major corporations in defense, technology, and finance” [wired.com]. I'm sure that also includes government organizations.

    Lovely. If Apple had a bug bounty program, maybe the hacker would have sold it to them. Instead, their hubris sees them shut out, and their millions of users completely vulnerable.

    • by Anonymous Coward

      its because they don;t have the money... o wait

    • by postbigbang ( 761081 ) on Monday November 02, 2015 @06:56PM (#50851829)

      Apple's QA erodes further. They didn't pay bug bounties because they had the churl to believe in their own invincibility..... and like so many others, will meet their matches in new and interesting ways.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Apple's QA is described perfectly in the phrase I've come to use whenever any news like this comes out:

        "You're holding it wrong."

        All you need to know about Apple and what passes for their QA is summed up in those four words.

        Your iPhone gets hacked due to their poor security? "You're holding it wrong."
        Your phone bends in your pocket because they didn't bother using enough material? "You're holding it wrong."
        Your iPhone gets terrible battery life because you didn't luck out in the chip lottery? "You're hol

        • Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
          And if you call Apple's IOS "terrible security", what do you call all the other phone OSes? Because IOS is currently most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook.
          For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection -

          • Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?

            If you read the top level comment [slashdot.org] of this discussion thread you will see exactly why.

            • All this assumes that this press release is real. That somebody did really find this exploit. Which sound very unlikely. It has publicity bullshit written all over it.

              • Which sound very unlikely.

                Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.

                It has publicity bullshit written all over it.

                Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.

                • by shitzu ( 931108 )

                  Which sound very unlikely.

                  Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.

                  No. Apple has had bugs aplenty. But we've been hearing for quite some time that the jailbreaking is getting harder and harder. And that by teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.

                  Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.

                  What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

                  I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I

                  • We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.

                    Why? We had remote jailbreaks in ios7 just last year, what has changed since then that makes it "extremely unlikely" now?

                    What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

                    That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.

                    I am saying that these guys are just bullshitting.

                    Just because you don't like the idea of it.

                    • by shitzu ( 931108 )

                      What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

                      That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.

                      Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

                      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who s

                    • Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

                      Except to their potential customers to whom they have nothing to sell.

                      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.

                      No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.

                      I am just saying it smells like a publicity bullshit.

                      And like i said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.

                    • by shitzu ( 931108 )

                      Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

                      Except to their potential customers to whom they have nothing to sell.

                      "We have sold it to customer Y exclusively, but come to us with any other needs"

                      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.

                      No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.

                      Government agencies do not need exploits, they can order a backdoor, and probably have.

                      I am just saying it smells like a publicity bullshit.

                      And like i said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.

                      In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.

                    • "We have sold it to customer Y exclusively, but come to us with any other needs"

                      If they have nothing to sell that is pointless, what are they going to offer?

                      Government agencies do not need exploits, they can order a backdoor, and probably have.

                      Yes of course, maybe you should take your idea to all those agencies complaining about the inability to access seized Apple devices.

                      In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.

                      So you don't actually know or have any idea at all, your answer is just "because of the Kardashians".

                    • by shitzu ( 931108 )

                      Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.

                    • Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.

                      Well that is what you said: "In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.", it's complete and utter rubbish but it is what you said.

        • by Anonymous Coward

          So a problem that was confined to the first generation iPhone 4 (I have a 4S that I still use at the gym and it is still going strong -battery life with everything turned on is still > 20 hours- and when it was my primary phone, I would hold it like a roll of quarters and I never had a problem) and a problem created by faking the video -in actuality, only 6 of the 13 million sold on the first weekend had the problem; only 9 if you count the ones that no one at Apple got to see because they were never sen

    • by gl4ss ( 559668 )

      well, every version of safari so far has had remote execution bugs in it.

      it's kind of puzzling how many they can have, actually, or if they just keep adding shit that creates new holes.

  • If it looks like BS, sounds like BS, and smells like BS, then it's probably some stupid marketing exec's scheme to drum up publicity.
  • This exploit would allow [the NSA and CIA] to get around any security measures and get into the target’s iPhone to intercept calls, messages, and access data stored in the phone.

    The NSA and CIA are going to circumvent technological measures in contravention of the DMCA? Does the FBI know about this?

    • They're not circumventing digital rights management systems
      Can you explain how this would violate the DMCA?

    • Even if this did otherwise come under the DMCA, there's probably an exception in the law for US security services.

  • iphone hack (Score:5, Funny)

    by Anonymous Coward on Monday November 02, 2015 @06:54PM (#50851815)

    This story is just ludicrous. I mean come on, really.

    -- Sent from my iPhone

    **Buy penis enlargement pills and viagra CHEAP! www.haxorezhackedme.com/viagra1.asp

  • by koan ( 80826 )

    The NSA is furious!

    • by PRMan ( 959735 )
      Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!
      • Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!

        You mean now they have to go through all the data they already collected on Zerodium to get the hack for free.

      • Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!

        If you're talking about the NSA, You mean:

        "Yeah, now we have to pay a few million to have it delivered to them on a silver platter."

        FTFY.

  • by Anonymous Coward on Monday November 02, 2015 @07:13PM (#50851941)

    Surely an unknown zero-day remote exploit would worth more than a publicized one?

    If you are in the business of buying zero-days and sell to the highest bidder, it doesn't make sense to let Apple know that one is found. A much better approach is to require anyone claiming the bounty to keep quiet, so the buying can use the zero-day for much longer before anyone notice.

    • by AHuxley ( 892839 )
      It can be about attracting and buying up skills. The more people know who is buying, the prices and that people from around the world will be trusted to buy and sell long term, the better branding for the bounty system.
      Better to attract ten new ways in from different skilled creators than hope a good hidden method stays open.
      • by KGIII ( 973947 )

        Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.

        Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greed

        • Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.

          Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greedy corporation is just silly.

          Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one. But it still sounds fairly "real".

          The question is, is this something that is exploitable as a "Drive-By", or does it have so many moving parts that the only people that will be "exploited" will be those who WANT to JailBreak their iPhones?

          Oh, and now, who were the other two? ;-)

    • Indeed. Anybody paying for exploits or vulnerabilities is also paying for exclusivity. Even the vendor bug bounty programs, which constitute the moral high ground in disclosing security problems, don't pay out unless you keep it quiet until they issue a patch.
  • by Anonymous Coward

    Sounds like a zeroium marketing ploy. After all they've just set up, offered $1 MEELLION, make a fake payout, free publicity...
    Now they have an exploit worth $1 MEALYON, at least in publicity terms.

    Or perhaps they've been paid to attack the trust in iPhone by creating the illusion of a well hacked phone.

    > "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities."

    So basi

  • It's dubious how much that exploit is worth... as Chrome is not preinstalled in any iOS device. Apple can just ban the app it until it gets a security update.

    • I though Apple wouldn't let other browsers run on iOS? Everything else was just a skin for Safari.

      • AIUI, Apple doesn't allow other rendering engines, so all the browsers have to use the iOS version of Webkit. That leaves room for a lot of differences.

    • AFAIK Chrome uses the same rendering engine as Safari, so what is the point in banning it?
      Where would be the extra explot path in Chrome versus Safari? IMHO there is none.

      • Just because Chrome uses the same renderer as Safari doesn't mean that the apps are identical in every way.

      • the rendering engine is the same (WebKit), but the JavaScript interpreter/JIT is different; Safari uses Nitro; which non-Safari apps can't use.

        • by tlhIngan ( 30335 )

          the rendering engine is the same (WebKit), but the JavaScript interpreter/JIT is different; Safari uses Nitro; which non-Safari apps can't use.

          The reason for this is Nitro compiles Javascript code to native code, something most high end JavaScript engines do these days. But that introduces an obvious security hole, so what Apple did was sandbox Safari even more so Safari can't do things that regular applications can to avoid security issues.

          Regular UIWebView applications can't use this because it would be t

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...