PINDROP BLOG

Hack iOS 10 and Get $1.5 Million

The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10.

The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company has a set of standing prices for the information it will buy, which includes bugs and exploits for iOS, Android, Flash, Windows, and the major browsers, and the top tier of that list has been $500,000 for an iOS jailbreak. But that all changed on Thursday when Zerodium announced that the company has tripled the standing price for iOS to $1.5 million.

The change comes close on the heels of changes in the security of iOS. With the release of iOS 10 earlier this month, Apple continued to add defenses that make exploitation of the operating system more difficult. Chaouki Bekrar said the massive price increase for iOS jailbreaks is a reflection of the challenge that iOS 10 presents to researchers.

“We can afford to buy multiple iOS exploit chains for $1.5M each.”

“Higher difficulty & we want to attract more suppliers as we can afford to buy multiple iOS exploit chains for $1.5M each,” Bekrar said on Twitter.

The huge increase comes at an interesting time. Two weeks ago, Google’s Project Zero announced a $200,000 prize for a security researcher who submits a remote code-execution vulnerability that works on Android devices while knowing only the device’s phone number and email address. And last month at the Black Hat conference, Apple announced its bug bounty program, which will pay up to $200,000 for critical iOS vulnerabilities. But Apple’s program is different from what Zerodium is offering, as Apple is looking for specific kinds of bugs, such as those that affect the iPhone’s secure firmware components. Bekrar said that difference is important.

“For the record, Zerodium iOS bounty does NOT compete with Apple as we focus on browsers+kernel while they focus on secure boot and enclave,” he said.

The iPhone operating system is considered the most difficult mobile OS to compromise, and Apple has dedicate quite a bit of time, money, and resources to improving iOS security steadily over the years. Thus, the price for a remote jailbreak in iOS is the highest in Zerodium’s catalog. But the company also raised its price for a remote jailbreak in Android to $200,000, matching the Project Zero payout.

Webinar: Call Center Fraud Vectors & Fraudsters Analyzed