Apple iPhone users are in for a major surprise to find out that their iPhones have been hacked. A self-described firm in which describes themselves as “A Premium Exploit Acquisition Platform” just paid an undisclosed hacking group $1 Million. The reason for the payout was to have this hack group remotely jail break into the latest iPhone operating system, reasoning behind this exploit is to open a new door way for spy agencies to “Watch” your every move on your new iPhone.
Zerodium Modus Operandi, a French Cybersecurity company, is a largely collection of “Zero-Day” exploits and vulnerabilities (Holes in software packages in which is unknown to the vendor). With this information, hackers without any means of fear can be patched up.
Zerodium is rather shy and quite about revealing any of the specifications to consumers. Other ordinary security firms would inform the device’s manufacturer right away, and if applicable collect their reward. The bounty for the exploit was placed in the later days of September, this includes a multi-million dollar prize stashed just for the winner.
The million dollar iOS 9 Bug Bounty offer read “is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by Zerodium to pay out a total of three million U.S. dollars in rewards for iOS exploits/jailbreaks.” As stated from Zerodium.com.
At this time, not much information is known about the technical specifications about the actual hack itself.
The original iOS Challenge from Zerodium actually requires the crack to be able to operate on an iPhone as well as iPad and should be able to be executable from multiple browsers. The crack is also supposed to work with text and multimedia messaging, this means that the winners of this challenge had to find an entire chain of bugs in the iOS platform.
Requiring the usage of the exploit remotely by means of Safari or even Chrome would require an additional 2 or 3 exploits. The winning team of this major exploit upon Apple iOS was uploaded and submitted just a few mere hours before the deadline. The result in which Zerodium was sent from this unmarked/unnamed hacker group is rather impressive. The iPhone was jail-broken remotely and then the client’s imagination can do as they wish.
Ironically this is not such an isolated case, in fact a Chinese hacker group “Pangu” had already hacked their way into the new iPhone however their exploits are not remote as Zerodium wanted.
As if things could not get any worse, Zerodium’s predecessor, VUPEN, was founded in September and are to be in cahoots with the NSA. The agency famous the world over for secret and illegal blanket surveillance, in which are in accordance to documentations in which was obtained by Muckrock through the Freedom of Information Act.
However, most of us are not surprised at all by this exploit upon Apple. In fact spy agencies, as well as government agencies, do not make any attempts to hide or even cover up the fact that they are looking into exploiting our devices for their own personal gain.
Though despite the evidence of the exploit of the vulnerability of the company’s newest iPhone, Apple did not respond with a comment. A former NSA employer did state that the hefty price for the exploit of $1 Million is a great price for the group’s troubles, as you can sell the exploit to the right people you can gain so much more. At this current point in time, Zerdium is still performing rigorous tests upon the hack of the entire “Bug” to see if it will indeed hold up. Despite of the secretive nature of the hack, Apple will probably come up with a patch in a few weeks to a few months. iPhone users can only hope that there will be a solution to this exploit.