Apple devices are considered extremely secure and difficult to hack. But, everything can be hacked—even the new iPhone.
It was perhaps only a matter of time before iOS9 was hacked, but it was definitely spurred on by a $1 Million bounty.
Over the weekend, security startup Zerodium announced that one hacker, or hacking team claimed their bounty for a zero-day in the latest iOS 9.
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
The challenge was to find a way to remotely exploit a new iPhone or iPad running the latest version of Apple’s mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message to a device which was previously un-jailbroken.
This meant that a participant needed to find a series, or a chain, of unknown zero-day bugs, not just one, according to Patrick Wardle, a researcher that works at security firm Synack. For example, the Chinese white hat hacking team Pangu already found a way to jailbreak a new iPhone. That particular method didn’t work remotely.
Your guess is as good as mine as to what Zerodium will do with this exploit, but my guess involves them selling the exploit for a whole lot more than the $1 Million they will have paid to get the exploit.