The government would love to get its hands on a foolproof way to break into the new highly encrypted iPhone. And it looks like some clever hackers just gave it to them.
Bug bounty startup Zerodium just announced that a team has figured out how to remotely jailbreak the latest iPhone operating system and will take home a million dollar prize. It’s unclear if Apple will get a peek at the zero-day exploit:
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
But wait, isn’t that what security researchers are supposed to do? Expose the exploit? Not when there’s this kind of cash on the line.
The hack itself seemed impossible. Zerodium required the exploit to work through a Safari, Chrome, a text message, or a multimedia message. This meant that hackers wouldn’t have to find just one vulnerability but rather a chain of them that would enable them to jailbreak an iPhone from afar. Once the phone’s jailbroken, the hackers could ostensibly download apps to the phone or even upload malware. It could also be a killer surveillance tool for anyone from law enforcement to spy agencies, which is what makes the details of this situation even more unsettling.
Zerodium is no ordinary security company. As Motherboard’s Lorenzo Francheschi-Biccierai explains:
[Founder Chaouki] Bekrar and Zerodium, as well as its predecessor VUPEN, have a different business model. They offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such as the NSA.
Oh, that sounds bad. But it gets worse:
But there’s no doubt that for some, this exploit is extremely valuable. …This exploit would allow [law enforcement and spy agencies] to get around any security measures and get into the target’s iPhone to intercept calls, messages, and access data stored in the phone.
So unlike a lot of news that comes out of the security industry, this is a real threat. Zero-day vulnerabilities are often shared with the vendor before research is released so that they can have a patch ready. In this case, Zerodium and the winning team of now millionaire hackers will probably keep the bug a secret so that the proprietors of state secrets can take advantage of it. Again, Bekrar and his various ventures have been doing this for years.
There’s a chance Apple will figure out how to patch the vulnerability before the NSA takes off with it. After all, the Cupertino-based purveyor of very expensive gadgets is historically terrific at security. This is actually the first report of a method for jailbreaking an iPhone remotely since iOS 7. Hopefully, it will be the last.
[Motherboard, Wired, Forbes]