Posted on 09/21/2015 7:48:44 PM PDT by Swordmaker
While millions of iPhone users have eagerly upgraded to iOS 9, a new race is on among researchers to find critical flaws in Apple’s software, and they’re throwing around more cash than ever to get hackers to find the holes.
A new security industry firm called Zerodium announced today that it will pay hackers $1 million for a single exploit that allows attackers to break into an iPhone or iPad running iOS 9. The company says it’s even willing to pay the bounty multiple times, as long as the exploits break through iOS 9’s security flaws a certain way.
Thanks to a number of security improvements, iOS is currently the most secure mobile OS, according to Zerodium. “But don’t be fooled, secure does not mean unbreakable,” Zerodium says on its website announcing the bounty. “It just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”
Those hoping to claim the $1 million bounty face a strict time limit. Zerodium is giving hackers until October 31st to submit entries, meaning developers have less than two months to create and deploy a proof of concept for the exploit.
It’s more likely that the time limit will pass before anyone successfully claims the prize, but the huge purse should be enough to tempt some of the best developers to take a shot at it.
The terms for Zerodium’s contest state that the exploit must allow attackers to remotely and silently install an arbitrary app like Cydia on an iOS 9 device via a webpage attack or text message. Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits.
If you think you got the chops to win, you can learn all about the contest details over at Zerodium.
If you want on or off the Mac Ping List, Freepmail me.
Lots of free advertising, very unlikely to actually pay.
Another unknown company plugs itself through PRNewswire, gets picked up on blogs everywhere.
Glad I can still Root my Android device.
I suspect you're right. Some speculate this may be a subsidiary of Apple looking for a way to find bugs to close. This would be a good way to find them. On the other hand these may be crooks. . . and they won't pay.
They do not seem to have a track record anywhere, according to some of the commenters.
You can jailbreak an iPhone, but then it is no longer secure from malware.
Good to know you can still JB iOS
http://www.ios9cydia.com/ios-9-jailbreak.html
It is true. iOS 9 is untethered JB capable, but I would wait till a bulletproof JB is available.
Ah yes, Android, that shining example of security.
Security easily broken by entering a really long wrong password.
What are the odds that Zerodium is based out of Fort Meade?
It’s not quite as simple as entering a really long password, and my device does not go unsecured/out of my physical control.
I used to do iPhones/JB/Cydia etc...but migrated over to Android and like it better.
Anybody willing to put up this kind of money with Microsoft in mind?
Then again, it’s not much harder than entering a really long password. Not like a couple extra taps really mitigate the problem. And not like you’ll never ever lose physical control of your device.
But then again, if you’re comfortable with deliberately breaking the security provided by the operating system such that malware et al have a good shot at your data, then I suppose really long passwords aren’t a problem to you.
The more I hear the reasons for “walled gardens suck!” and the weeds open gardens have to deal with, the more I like the walled garden: I can get $#!^ done without having to waste time dealing with the malicious.
From their website:
ZERODIUM customers are major corporations in defense, technology, and finance
Sure they are...
:)
LOL! The Apple Haters mostly don't own iDevices! Heck, they wouldn't use an iDevice if you paid them a million bucks, and... hey wait a minute...
Zerodium founder Chaouki Bekrar has long been one of the few public faces of the zero-day industry; in addition to his new startup Zerodium, which launched in July, he's also the founder of the more established French hacking firm Vupen, which has been unusually open about the fact that it develops intrusion techniques for popular software and sells them to government agencies around the world. With the new company and his flashy iOS bounty, Bekrar is expanding from merely creating zero-days to brokering them, too, as a kind of hacker middleman.
I'm old, I just don't like a world that rewards these guys.
The Hacker Team, the group who actually does have the expertise and reputation and really sells the mobile device intrusion tools to the government agencies such as the NSA, CIA, FBI, MI5, the Sûreté, and police departments around the world who have the resources to shove at the breaking of even the most difficult nuts, says they have successfully developed tools for every mobile platform except un-jailbroken iOS devices! I can see why this upstart is offering such a high bounty.
Not sure why anyone would be concerned with IOS9, since (last I looked) IOS15 is the current version?