An anonymous team of hackers has been awarded a million-dollar bounty after successfully hacking Apple’s IOS 9.1 mobile operating system. The money has been paid out by Zerodium, a company that pays for security information and exploits, ready to sell them on to the highest bidder. It announced the competition — which it called The Million Dollar iOS 9 Bug Bounty — in late September, and confirmed it had a winner via its official Twitter account at the beginning of November.
According to Zerodium’s founder Chaouki Bekrar, speaking to Wired, there were two teams in the hunt for victory, but
only one came up with the real deal. The company was looking for something far
beyond the publicly available jailbreak methods, requiring a browser or
SMS-based, remotely carried out hack, that would result in the “remote,
privileged, and persistent installation of an arbitrary app.”
However, while this sounds innocuous, Zerodium will go on to
sell the hack to its customers, which apparently include technology companies, finance
institutions, and defense corporations. Government agencies are also mentioned
as Zerodium clients. Bekrar says he expects to sell the new iOS hack to a U.S.
customer. While such exploits could be valuable to companies wanting to ensure
their own devices are highly secure, they could also be equally valuable to
those interested in illicit surveillance.
There’s little chance of the vulnerabilities being fixed by
Apple in the very near future, at least off the back of this competition,
because Zerodium has no intention of informing Apple of the methods used at
this time. It may do so at a later date, but certainly not before its big
payday. If you’re wondering, while ethically questionable, Zerodium and its
clients aren’t doing anything illegal. The million-dollar bug hunt bounty
competition is therefore unlikely to be the last of its type, given the obvious
financial benefit to all involved.
Source: Yahoo
DROP YOUR COMMENT BELOW
No comments:
Post a Comment