Amid revelations that a rogue version of Xcode, downloaded from Baidu, helped spread malware to 39 iOS apps, a security company known as Zerodium says that it will pay $1 million for a method that can hack into iOS 9. The latest version of Apple’s mobile OS was just pushed out by the tech titan last week. The company says that it is willing to pay the $1 million more than once, but that it won’t pay out more than $3 million.
To claim the $1 million ‘prize’, a person must submit a technique to Zerodium that will remotely take control of an iPhone or iPad running iOS 9. This can be achieved through the use of a web page that targets the default configuration of mobile Safari or Google Chrome, or through a web page that targets any app reachable via the browser, or via a text message. The bug cannot be disclosed to Apple or be publicly revealed. The company will end up selling these techniques to governments or corporations. Zerodium founder Chaouki Bekrar also founded French hacking firm Vupen, which develops “intrusion software” and sells it to government agencies worldwide.
“Zerodium’s main goal is to capture the most advanced zero-day exploits and the highest risk vulnerabilities which are discovered, held, or sometimes stockpiled by talented researchers around the globe.” - Chaouki Bekrar, founder, Zerodium
Zerodium, which was launched this summer, sells what are known as zero-day vulnerabilities to both governments and corporations. According to Bekrar, once an exploit is sold to an agency by Vupen, he has no way of knowing how it is used or who it is shared with. “We do the best we can to ensure it won’t go outside that agency,” Bekrar said back in 2012. “But if you sell weapons to someone, there’s no way to ensure that they won’t sell to another agency.”
The million-dollar offer is open until October 31st, 2015, or until $3 million is paid out by Zerodium.