Cybersecurity startup Zerodium has awarded a team of hackers $1 million for their ability to find a zero-day discovery related to the Apple mobile operating system.
Through its The Million Dollar iOS 9 Bug Bounty program, Zerodium hosted a contest where experienced security researchers, reverse engineers and jailbreak developers competed to see who could produce iOS exploits/jailbreaks for the chance to win up to $3 million in rewards.
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
In order to win some or part of the prize money, participants in the competition were tasked with creating and submitting an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices,” the zero-day acquisition platform said in a press release back in September. Zero-day exploits are security vulnerabilities or holes that have not been brought to the attention of the public and they are usually worth a great deal of money once they are discovered. As Mashable reported today, government organizations or corporations will sometimes pay top dollar to the person who can uncover a zero-day vulnerability. Since Apple’s iOS platform is well-known for being a secure option as compared to other mobile operating systems, discovering vulnerabilities or security threats has the potential to come with big rewards. While specific information about the winning exploit in Zerodium’s competition has not been made public (no surprise there), the company told Wired it plans to reveal the technical details of the winning technique to its customers, which include “major corporations in defense, technology, and finance” seeking protection against zero-day attacks and “government organizations in need of specific and tailored cybersecurity capabilities.” Interestingly enough, Zerodium founder Chaouki Bekrar explained to Wired that there are no plans to make Apple’s engineers aware of the vulnerability just yet. Instead, he confirmed that the company may clue Apple in “later” to help them build a patch to address the vulnerability. Despite the fact there is an Apple iOS security threat floating around with no immediate fix available, Bekrar said via Twitter that the security flaw hadn’t impacted his decision to use his Apple device.
Despite @Zerodium iOS remote jailbreak I still feel safe using my iPhone, knowing how hard it is. Attacking iOS costs x10 more than Android! — Chaouki Bekrar (@cBekrar) November 3, 2015