Apple devices are generally considered by security experts to be safe, and rather difficult to hack. But difficult doesn’t mean impossible.
Over the weekend someone proved just how possible it is to hack at least one of these devices, the iPhone.
The hack came about as part of a challenge issued in September by bug bounty startup Zeriodium, which offered up a million dollar bounty for “an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices” that was set to expire on October 31.
To complete the challenge, Zerodium required the exploit to work through a browser (Safari or Chrome) or a text/multi-media message. From there, Zerodium had to have full privileges and the ability to install any app it wanted.
This complicated the process for multiple reasons. For one, the last time a remote jailbreak happened was iOS7, and the hackers couldn’t rely on a single exploit — since the jailbreak had to work remotely — but instead needed a series of them to work in unison.
An unknown hacker (or collective) claimed the prize this weekend.
— Zerodium (@Zerodium) November 2, 2015
By mid-October, Chaouki Bekrar, founder of Zerodium, reported to Motherboard that the company was communicating with two separate teams, both working independently of one another, and of Zerodium. Both found themselves stuck, and unable to crack the same problem.
Bekrar hasn’t released the name of the individual, or team, and hasn’t responded to The Next Web’s request for comment.
Looking bigger picture, the reward at this point is almost irrelevant. Bekrar and his controversial company will no doubt be able to fetch a larger price tag by selling the information off to one of the many companies that find the information valuable.
VUPEN, for example, (Bekrar’s previous company) was known to pit government agencies against one another in a sort of intelligence arms race. By selling the hacks to “NATO governments and NATO partners” non-exclusively, VUPEN essentially has its hand in every pocket in the intelligence world by selling off these vulnerabilities and exploits to the highest bidders. You might have recognized one of its previous clients, The National Security Agency (NSA).
Although Apple has recently butted heads with the US government over its inability to break the encryption on new iPhones, this goes to show that secure doesn’t mean unhackable.
This new hack has implications far exceeding the million dollar bounty.
➤ Somebody Just Claimed a $1 Million Bounty for Hacking the iPhone [Motherboard]