Hacking Apple’s iOS isn’t easy. But in the world of cybersecurity, even the hardest target isn’t impossible—only expensive. And the price of a working attack that can compromise the latest iPhone is apparently somewhere around $1 million.
On Monday, the security startup Zerodium announced that it’s agreed to pay out that seven-figure sum to a team of hackers who have successfully developed a technique that can hack any iPhone or iPad that can be tricked into visiting a carefully crafted web site. Zerodium describes that technique as a “jailbreak”—a term used by iPhone owners to hack their own phones to install unauthorized apps. But make no mistake: Zerodium and its founder Chaouki Bekrar have made clear that its customers include governments who no doubt use such “zero-day” hacking techniques on unwitting surveillance targets.
In fact, Bekrar says that two teams of hackers had attempted to claim the bounty, which was announced in September with an October 31st deadline. Only one proved to have developed a complete, working iOS attack. “Two teams have been actively working on the challenge but only one has made a full and remote jailbreak,” Bekrar writes. “The other team made a partial jailbreak and they may qualify for a partial bounty (unconfirmed at this time).”
Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as “major corporations in defense, technology, and finance” seeking zero-day attack protection as well as “government organizations in need of specific and tailored cybersecurity capabilities.” Zerodium’s founder also notes that the company won’t immediately report the vulnerabilities to Apple, though it may “later” tell Apple’s engineers the details of the technique to help them develop a patch against the attack.