Cyber security firm offers $1 mn bounty to hack iOS 9

23 Sep 2015

Computer security firm Zerodium today offered a $1-million bounty to hackers who could breach Apple's latest iOS 9 mobile operating system.

Zerodium, which was launched early this year by US French online security expert Chaouki Bekrar, said it would pay $1 million each to as many as three people or teams who managed to break into iPhones or iPads equipped with the iOS 9 software.

To win the money, hackers would need to use a web page or text message to remotely bypass the iOS 9 security and discretely install an application on the iPhone or iPad by 31 October, according to the company's online statement.

The hackers would need to exploit a weakness in the security system that was not known.

According to Zerodium, Apple's operating system was the most secure on the market.

''But don't be fooled. Secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here is where the million dollar iOS 9 bug bounty comes into play.''

Zerodium said it rewarded independent researchers for discovering new software vulnerabilities and then analysed the security data to help corporate and government agency clients to beef up their online defences.

Vupen, another company founded by Bekrar sells computer exploits & bugs discovered through research.

Zerodium's business is based on research conducted outside the company.

Bekrar said that Zerodium paid out $100,000 to $ 150,000 every week to researchers who had indentified zero-day vulnerabilities and exploits.

According to commentators, the business models of both companies were quite controversial and the chief technologist at the American Civil Liberties Union said they were modern-day merchants of death since their purchases could not be monitored, nor the exploits they sold.

In August researchers Kevin Mahaffey and Marc Rogers demonstrated they were able to hack into the Tesla Model S, an exploit said to be very difficult but not impossible, CNET reported. (See: Hacker duo demonstrate how they hacked into a Tesla Model S).