Here comes a time when companies are offering money to hackers who can provide a way of infecting the iPhones and iPads of individuals.
Zerodium, a company that acquires exploits, has announced to pay $1 million USD to those that can provide a good enough iOS 9 jailbreak.
The company launched “The Million Dollar iOS 9 Bug Bounty” program which aimed to buy an “exclusive, browser-based, and untethered jailbreak” for Apple’s latest mobile operating system.
The company explained the reason behind the program in a blog, “Apple iOS, like all operating system, is often affected by critical security vulnerabilities, however due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS. But don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”
According to the post, the Million Dollar iOS 9 Bug Bounty is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by ZERODIUM to pay out a total of three million U.S. dollars ($3,000,000.00) in rewards for iOS exploits/jailbreaks.
“ZERODIUM will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices,” the company added.
The company has given some rules which a hacker need to follow the jailbreak must be reliable, silent, and doesn’t require any actions to be taken by the user, save for visiting a web page or reading a text/MMS message. Similarly, they must work on a wide range of Apple hardware, including the iPhone 6S and 6S Plus. The pair of phones doesn’t go on sale until September 25, while the bounty program expires on October 31, giving people a little over a month to get their potential exploits working on the new phones.
“Partial or incomplete exploits/jailbreaks will not be eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such partial exploits. All submissions must be made exclusively to ZERODIUM and must include the fully functioning exploit and its source code (if any), and a detailed whitepaper describing all the zero-day vulnerabilities and techniques used in the jailbreak,” the post added.