According to Zerodium’s founder Chaouki Bekrar, speaking to Wired, there were two teams in the hunt for victory, but only one came up with the real deal. The company was looking for something far beyond the publicly available jailbreak methods, requiring a browser or SMS-based, remotely carried out hack, that would result in the “remote, privileged, and persistent installation of an arbitrary app.”
However, while this sounds innocuous, Zerodium will go on to sell the hack to its customers, which apparently include technology companies, finance institutions, and defense corporations. Government agencies are also mentioned as Zerodium clients. Bekrar says he expects to sell the new iOS hack to a U.S. customer. While such exploits could be valuable to companies wanting to ensure their own devices are highly secure, they could also be equally valuable to those interested in illicit surveillance.
There’s little chance of the vulnerabilities being fixed by Apple in the very near future, at least off the back of this competition, because Zerodium has no intention of informing Apple of the methods used at this time. It may do so at a later date, but certainly not before its big payday. If you’re wondering, while ethically questionable, Zerodium and its clients aren’t doing anything illegal. The million-dollar bug hunt bounty competition is therefore unlikely to be the last of its type, given the obvious financial benefit to all involved.
Editors' Recommendations
- Hackers roll out jailbreak for iOS 13.5, days after latest update’s release
- iOS 13’s FaceTime bug gives access to your iPhone contacts without permission
- From iOS 1 to iOS 11: How Apple’s iPhone OS has evolved since 2007
- The best food and drink apps for iOS
- Update your iOS device to 9.3.5 as it fixes serious security vulnerabilities
