$1M Bounty for iPhone Hack
I don’t know whether to believe this story. Supposedly the startup Zerodium paid someone $1M for an iOS 9.1 and 9.2b hack.
Bekrar and Zerodium, as well as its predecessor VUPEN, have a different business model. They offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such as the NSA.
I know startups like publicity, but certainly an exploit like this is more valuable if it’s not talked about.
So this might be real, or it might be a PR stunt. But companies selling exploits to governments is certainly real.
Another news article.
Kai Howells • November 3, 2015 2:53 PM
At this stage they’ve received so much publicity for it that their name will be mud if they don’t follow through and pay out. Their only wiggle room seems to be if the exploit “fully meets the bounty rules”.
There’s also the unnamed source “who used to work for the NSA” who said that paying out $1M for such an exploit isn’t so unbelievable as you can sell it to “the right people” (presumably three-letter agencies or foreign nation states) for much more.
Still, it will be interesting to see where it all goes from here, and how quickly Apple get on to patching it.