Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com)
citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."
Stolen Work (Score:1)
Re:Stolen Work (Score:5, Interesting)
Nope. The title and summary of this article don't stress the important point: that it's purely browser-based. Visit the wrong website and you're compromised. Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable. Thanks, Apple!
Re: Stolen Work (Score:5, Insightful)
Chrome on iOS isn't actually Chrome. All the rendering is done by Safari, since Apple's App Store rules don't permit 3rd party web renderers.
Consider Chrome on iOS to be 'safari with a shell that syncs bookmarks'.
Re: (Score:1)
If Chrome is just a Safari wrapper, why didn't the hackers just use Safari then? An exploit using the browser used by the vast majority of iOS users is surely more useful than one used only by those who installed Chrome? Most iOS users hardly know what a web browser is, they just know the blue compass icon gets them onto the internet.
So no, the exploit seems to be specific to Chrome. That's no excuse for Apple (no hijacked app should be able to install apps), but Google does share a small part of the blame.
Re: (Score:3)
Safari is an app. The Apple webview that Chrome and all other apps with webview use is built on WebKit.
A browser (such as Safari or Chrome) does a fair number of other things than bookmarks. And a webview isn't just a black box. It has callbacks to the app for all manner of events, and options.
If the exploit is specifically on Chrome and not Safari, then it's probably, but not definitely, Google's fault.
Re: (Score:3)
If the exploit requires Google code (Chrome for iOS) to be successful, how is it *not* Google's fault, at least in part?
It is to a degree, but the main point of a "sandbox" is to prevent an application's security vulnerability from compromising the whole OS. If the application is properly sandboxed then whether it is secure or not shouldn't matter with respect to the security of the OS.
Re: (Score:1)
If the exploit is specifically on Chrome and not Safari, then it's probably, but not definitely, Google's fault.
If an exploit in a sandboxed application can compromise the security of the entire system then it most definitely is Apple's fault for the poor security design of their system that fails to properly sandbox applications.
Re: (Score:2)
Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable.
It might have been bought by the NSA, or another country's spy agency.
Re: (Score:2)
It might be bought by Apple so they can find out how to patch it.
Re: Stolen Work (Score:2)
There is no 9.1 jailbreak released. Jailbreak was released for up to 9.0.2 and with 9.1 Apple "fixed" it.
interesting (Score:2)
Exploit will be sold, kept secret from Apple (Score:5, Insightful)
Unlike the last drive-by exploit (jailbreakme.com, several years ago), this one won't be used to create a jailbreak for users. Instead, the company plans to keep it secret from Apple, selling it to nefarious organizations such as “major corporations in defense, technology, and finance” [wired.com]. I'm sure that also includes government organizations.
Lovely. If Apple had a bug bounty program, maybe the hacker would have sold it to them. Instead, their hubris sees them shut out, and their millions of users completely vulnerable.
Re: (Score:1)
It's because they don't have the money... oh wait
Re:Exploit will be sold, kept secret from Apple (Score:4, Insightful)
Apple's QA erodes further. They didn't pay bug bounties because they had the churl to believe in their own invincibility..... and like so many others, will meet their matches in new and interesting ways.
Re: (Score:1, Interesting)
Apple's QA is described perfectly in the phrase I've come to use whenever any news like this comes out:
"You're holding it wrong."
All you need to know about Apple and what passes for their QA is summed up in those four words.
Your iPhone gets hacked due to their poor security? "You're holding it wrong."
Your phone bends in your pocket because they didn't bother using enough material? "You're holding it wrong."
Your iPhone gets terrible battery life because you didn't luck out in the chip lottery? "You're hol
Re: Exploit will be sold, kept secret from Apple (Score:2)
Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
And if you call Apple's iOS "terrible security", what do you call all the other phone OSes? Because iOS is currently the most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook.
For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection -
Re: (Score:2)
Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
If you read the top level comment [slashdot.org] of this discussion thread you will see exactly why.
Re: Exploit will be sold, kept secret from Apple (Score:2)
All this assumes that this press release is real. That somebody did really find this exploit. Which sounds very unlikely. It has publicity bullshit written all over it.
Re: (Score:2)
Which sounds very unlikely.
Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.
It has publicity bullshit written all over it.
Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.
Re: (Score:2)
Which sounds very unlikely.
Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.
No. Apple has had bugs aplenty. But we've been hearing for quite some time that jailbreaking is getting harder and harder. And that from teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely that there is one now.
Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I
Re: (Score:2)
We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely that there is one now.
Why? We had remote jailbreaks in iOS 7 just last year, what has changed since then that makes it "extremely unlikely" now?
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.
I am saying that these guys are just bullshitting.
Just because you don't like the idea of it.
Re: (Score:2)
What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.
That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
iOS jailbreaks have a very short window of usefulness. For instance the last jailbreak on the latest iOS 9 was only "current" for a week or two (from the release of the jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who s
Re: (Score:2)
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
Except to their potential customers to whom they have nothing to sell.
iOS jailbreaks have a very short window of usefulness. For instance the last jailbreak on the latest iOS 9 was only "current" for a week or two (from the release of the jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.
No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.
I am just saying it smells like publicity bullshit.
And like I said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.
Re: (Score:2)
Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.
Except to their potential customers to whom they have nothing to sell.
"We have sold it to customer Y exclusively, but come to us with any other needs"
iOS jailbreaks have a very short window of usefulness. For instance the last jailbreak on the latest iOS 9 was only "current" for a week or two (from the release of the jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.
No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.
Government agencies do not need exploits, they can order a backdoor, and probably have.
I am just saying it smells like publicity bullshit.
And like I said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.
In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.
Re: (Score:2)
"We have sold it to customer Y exclusively, but come to us with any other needs"
If they have nothing to sell that is pointless, what are they going to offer?
Government agencies do not need exploits, they can order a backdoor, and probably have.
Yes of course, maybe you should take your idea to all those agencies complaining about the inability to access seized Apple devices.
In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.
So you don't actually know or have any idea at all, your answer is just "because of the Kardashians".
Re: (Score:2)
Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.
Re: (Score:2)
Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.
Well that is what you said: "In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.", it's complete and utter rubbish but it is what you said.
Re: (Score:1)
So a problem that was confined to the first generation iPhone 4 (I have a 4S that I still use at the gym and it is still going strong -battery life with everything turned on is still > 20 hours- and when it was my primary phone, I would hold it like a roll of quarters and I never had a problem) and a problem created by faking the video -in actuality, only 6 of the 13 million sold on the first weekend had the problem; only 9 if you count the ones that no one at Apple got to see because they were never sen
Re: (Score:2)
You're right. I sit corrected.
Re: (Score:3)
Well, every version of Safari so far has had remote execution bugs in it.
It's kind of puzzling how many they can have, actually, or if they just keep adding shit that creates new holes.
Is that the price of viral news stories these days (Score:2)
The NSA circumventing security measures? (Score:2)
This exploit would allow [the NSA and CIA] to get around any security measures and get into the target’s iPhone to intercept calls, messages, and access data stored in the phone.
The NSA and CIA are going to circumvent technological measures in contravention of the DMCA? Does the FBI know about this?
Re: (Score:2)
They're not circumventing digital rights management systems
Can you explain how this would violate the DMCA?
Re: (Score:2)
It works that way, it was manufactured, it passed QA and was sold. Of course it was intended to work that way. Q.E.D.
Re: (Score:1)
in ways unintended by the manufacturer
It works that way, it was manufactured, it passed QA and was sold. Of course it was intended to work that way. Q.E.D.
What a maroon!
Just because something SLIPS THROUGH QA, doesn't mean it was INTENDED.
Fucking Fucktard.
And then you have the hubris to feign knowledge of Latin...
Re: (Score:2)
Even if this did otherwise come under the DMCA, there's probably an exception in the law for US security services.
iphone hack (Score:5, Funny)
This story is just ludicrous. I mean come on, really.
-- Sent from my iPhone
**Buy penis enlargement pills and viagra CHEAP! www.haxorezhackedme.com/viagra1.asp
Laugh (Score:1)
The NSA is furious!
Re: (Score:2)
Re: (Score:1)
Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!
You mean now they have to go through all the data they already collected on Zerodium to get the hack for free.
Re: (Score:1)
Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!
If you're talking about the NSA, You mean:
"Yeah, now we have to pay a few million to have it delivered to them on a silver platter."
FTFY.
Doesn't make sense to publicize (Score:3, Insightful)
Surely an unknown zero-day remote exploit would be worth more than a publicized one?
If you are in the business of buying zero-days and selling to the highest bidder, it doesn't make sense to let Apple know that one is found. A much better approach is to require anyone claiming the bounty to keep quiet, so the buyer can use the zero-day for much longer before anyone notices.
Re: (Score:3)
Better to attract ten new ways in from different skilled creators than hope a good hidden method stays open.
Re: (Score:3)
Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.
Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greedy corporation is just silly.
Re: (Score:1)
Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.
Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greedy corporation is just silly.
Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one. But it still sounds fairly "real".
;-)
The question is, is this something that is exploitable as a "Drive-By", or does it have so many moving parts that the only people that will be "exploited" will be those who WANT to JailBreak their iPhones?
Oh, and now, who were the other two?
Re: (Score:1)
Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one.
If the security of the system can be compromised via a supposedly sandboxed application then it is most definitely the fault of the operating system that implements that failed sandbox.
And as I was entering my comment, that is exactly what I was thinking, too. HOWEVER, I broke the rules and actually read TFA, and there are so few details that there is absolutely no way to verify that it isn't all a complete lie, or even if it is true, that the exploit doesn't require active participation by the user.
Re: (Score:2)
Zerodium marketing ploy (Score:1)
Sounds like a Zerodium marketing ploy. After all they've just set up, offered $1 MEELLION, make a fake payout, free publicity...
Now they have an exploit worth $1 MEALYON, at least in publicity terms.
Or perhaps they've been paid to attack the trust in iPhone by creating the illusion of a well hacked phone.
> "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities."
So basi
Re: (Score:1)
Man, listen to what you are saying. Months ago a simple crafted SMS message would instantly reboot the iPhone
From what I heard from people trying it, it was anything BUT "simple crafted".
Re: (Score:1)
Oh well, I rebooted my work colleagues' iPhones literally hundreds of times. Sometimes the phones spent only seconds turned on between reboots.
That's just cruel! ;-)
Re: (Score:2)
I knew I'd heard [wikipedia.org] of this guy before [wikipedia.org].
Exploit is through Chrome browser (Score:2)
It's dubious how much that exploit is worth... as Chrome is not preinstalled on any iOS device. Apple can just ban the app until it gets a security update.
Re: (Score:3)
Re: (Score:2, Flamebait)
RTFA, works on Safari, Chrome, SMS or mms
Perhaps you should RTFA more carefully. If you did, you'd notice that TFA mentions the challenge required that the exploit work through one of those 4 mechanisms, but the actual exploit itself only works through Chrome (or at least that's the only one mentioned specifically).
Re: Exploit is through Chrome browser (Score:1)
Chrome and Safari are both based on WebKit, but their underlying tech (JavaScript compiler, process management, etc.) is different; hence why the exploit only works in Chrome.
Re: (Score:1)
As many have already pointed out before, Chrome on iOS is just a skin for Safari since Apple doesn't allow 3rd party browser engines.
Um, apparently NOT; since Safari doesn't do it, and Chrome does.
Re: (Score:1)
Just curious, do you know if the regular "Google" app on iOS has the same vulnerability as Chrome? I don't use Chrome on iOS, but I do use the Google app for quick searches and asking questions Siri should know, but doesn't (business hours, etc.).
Sorry, don't know. My guess would be "no", though.
Re: (Score:2)
I thought Apple wouldn't let other browsers run on iOS? Everything else was just a skin for Safari.
Re: (Score:2)
AIUI, Apple doesn't allow other rendering engines, so all the browsers have to use the iOS version of Webkit. That leaves room for a lot of differences.
Re: (Score:2)
AFAIK Chrome uses the same rendering engine as Safari, so what is the point in banning it?
Where would the extra exploit path be in Chrome versus Safari? IMHO there is none.
Re: (Score:2)
Just because Chrome uses the same renderer as Safari doesn't mean that the apps are identical in every way.
Re: (Score:2)
The rendering engine is the same (WebKit), but the JavaScript interpreter/JIT is different; Safari uses Nitro, which non-Safari apps can't use.
Re: (Score:2)
The reason for this is that Nitro compiles JavaScript code to native code, something most high-end JavaScript engines do these days. But that introduces an obvious security hole, so what Apple did was sandbox Safari even more, so Safari can't do things that regular applications can, to avoid security issues.
Regular UIWebView applications can't use this because it would be t
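The last few comments above turn on what "compiles JavaScript to native code" actually requires from the OS: a JIT has to write machine code into memory and then execute it, so it needs pages that are (at some point) both writable and executable. That is the privilege Apple withholds from ordinary apps and grants only to the Safari/JIT process. The following is an added example written for this page, not code from the thread, from Apple, or from WebKit: a minimal "JIT" in C that emits a native add(a, b) into an anonymous mapping and runs it, flipping the page from RW to RX (W^X) instead of ever holding an RWX page, plus a probe that reports whether the host OS will hand out an RWX page at all. It assumes Linux or macOS on x86-64 or AArch64; the instruction bytes are hand-assembled for those two targets.

```c
/*
 * Added example (not from the Slashdot thread, Apple or WebKit): a toy JIT
 * that shows the memory permissions a real JavaScript JIT such as Nitro needs.
 * Assumes Linux/macOS on x86-64 or AArch64.
 */
#define _DEFAULT_SOURCE
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*add_fn)(int, int);

#if defined(__x86_64__)
/* lea eax, [rdi+rsi] ; ret    (SysV ABI: a in edi, b in esi, result in eax) */
static const uint8_t kAddCode[] = { 0x8d, 0x04, 0x37, 0xc3 };
#elif defined(__aarch64__)
/* add w0, w0, w1 ; ret         (AAPCS64: a in w0, b in w1, result in w0), little-endian words */
static const uint8_t kAddCode[] = { 0x00, 0x00, 0x01, 0x0b, 0xc0, 0x03, 0x5f, 0xd6 };
#else
#error "this example only carries code bytes for x86-64 and AArch64"
#endif

/* Emit the function into a fresh page: map RW, copy the bytes, then flip to RX.
   The page is never writable and executable at the same time (W^X). Returns NULL on failure. */
static add_fn jit_emit_add(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, kAddCode, sizeof kAddCode);
#if defined(__aarch64__)
    /* AArch64 has separate I/D caches: make the freshly written code visible to fetch. */
    __builtin___clear_cache((char *)mem, (char *)mem + sizeof kAddCode);
#endif
    if (mprotect(mem, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, page);
        return NULL;
    }
    return (add_fn)mem;
}

/* Run the emitted code on (a, b). Returns a + b, or `fallback` if the OS refused
   to make the JIT page executable (the situation an un-entitled iOS app is in). */
int jit_add_or(int a, int b, int fallback)
{
    add_fn fn = jit_emit_add();
    if (!fn)
        return fallback;
    int r = fn(a, b);
    munmap((void *)fn, (size_t)sysconf(_SC_PAGESIZE));
    return r;
}

/* Probe: does this OS hand out a simultaneously writable+executable page?
   1 = yes (what a JIT without W^X would rely on), 0 = refused. */
int rwx_page_allowed(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *mem = mmap(NULL, page, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return 0;
    munmap(mem, page);
    return 1;
}

int main(void)
{
    printf("jit_add_or(40, 2, -1) = %d\n", jit_add_or(40, 2, -1));
    printf("RWX page allowed by this OS: %s\n", rwx_page_allowed() ? "yes" : "no");
    return 0;
}
```

The point of the RW-then-RX dance is the mitigation a real engine layers on top of "compile to native code": if an attacker can corrupt the JIT's buffer while it is writable, they get arbitrary native code without needing a ROP chain, which is why the JIT region is the prize in most browser exploit chains and why a platform that denies executable-writable memory to unprivileged apps (as the comments above describe for non-Safari iOS apps) removes that primitive entirely.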