$1 Million Bounty for Jailbreaking iOS 9 Claimed; Hackers Can Now Remotely Jailbreak Any iOS 9 Device
iOS jailbreaking is a hacking procedure that removes any restriction placed by Apple’s operating system, iOS, on Apple devices such as the iPhone, iPad and Apple TV. Via iOS jailbreaking, any hacker can gain root access to the iOS file system and manager and basically do anything he wants. The hacker can install apps which are not available on the App Store, steal information and essentially play havoc with the device.
Normally, Apple devices are almost impossible to jailbreak, as they are known for their hardcore security measures. In order to test the vulnerabilities of iOS 7, a company named Zerodium announced a bounty of $1 million to anyone who can jailbreak an iOS 9 device.
Zerodium termed ‘The Million Dollar iOS 9 Bug Bounty’ the world’s biggest zero-day bug bounty program and promised to pay $1 million to anyone who provides them with “an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.”
Just hours before the closure of this special bounty program, a team of hackers claimed to have remotely jailbroken an iOS 9 powered iPhone and won the bounty. Zerodium, which calls itself a ‘premium exploit acquisition platform’, announced via Twitter:
— Zerodium (@Zerodium) November 2, 2015
Why Should iPhone Users Worry?
First and foremost, the success of this jailbreak bounty program is unprecedented because, until now, no hacker had been able to hack an Apple device remotely. But now, these hackers can get into any Apple device, from anywhere they want.
iOS jailbreaking can now be successfully executed using security exploits in web browsers such as Chrome and Safari, or in SMS/MMS functionality.
Secondly, unlike other bug bounty programs, which are announced to secure a platform, Zerodium is likely to sell these exploits to third parties who would want to play around with others’ Apple devices. An example can be the iPhone or iPad of the CEO of a large MNC. The competitors can hire Zerodium and ask them to install a tracking app on that iPhone.
As per the terms and conditions of this bug bounty program, the hacking process “should be achievable remotely, reliably, silently and without requiring any user interaction except visiting a web page or reading a SMS/MMS.” This means that the successful hacker was able to jailbreak an iOS device by simply luring the user to open a web page or read an SMS/MMS.
Zerodium founder Chaouki Bekrar said, “Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak.”
Such remote hacking of an Apple device was not even a possibility before; but now, iPhone users should be really worried.
It was a ‘zero-day’ bug bounty, which means that the manufacturer was not aware of this hack. Apple engineers will now be busy figuring out how to stop this jailbreak; but until then, keep your fingers crossed.