Hackers to get $1 million bounty for breaking into the new Apple iPhone

New Delhi: No one can escape hacking. Not even the latest Apple iPhone, which was successfully hacked by someone over the weekend for a bounty of a whopping $1 million.

Zerodium, a new startup, set up the bounty program to break into the secure device. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of iOS (here iOS 9.1 and 9.2b), so that the attacker is able to install any app with full privileges.

The initial exploit had to come through Safari, Chrome, or a text or multimedia message.

A report on Motherboard notes that this essentially meant that the hacker needed to find a series of unknown zero-day bugs to carry out the hack remotely.

Zerodium founder Chaouki Bekrar said, “Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak.”

The winning team found a ‘number of vulnerabilities’ in Chrome and iOS to bypass ‘almost all mitigations’ and achieve ‘a remote and full browser-based (untethered) jailbreak.’

Apple is yet to acknowledge or confirm the exploit, but if proven true, this could be the latest publicly known way to jailbreak an iPhone remotely since iOS 7.

While tech companies themselves host big bounty programs for hackers to test their products and services for possible vulnerabilities, companies like Zerodium have a different business model. First, they offer higher bounties than what tech companies usually award. Second, they keep the exploits secret, revealing them to only certain government agencies like the NSA.

This could prove a fatal blow to Apple’s image of offering secure devices that are impossible to break into, and could also allow controversial agents, of the government or otherwise, to intercept calls and messages and access data on the particular device.

As Zerodium is still testing the vulnerabilities to make sure the exploit chain “fully meets the bounty rules,” Bekrar said that Apple is expected to fix the bugs in a few weeks' or a few months' time.
