Apple Inc. puts a bounty on bugs that users, mostly of the more expert variety, find in its software. The firm isn’t the only one that does that. Various tech firms, from Alphabet Inc to Tesla Motors Inc, offer similar rewards. It gives hackers a reason to tell the firm about the bugs, and makes finding them easier. Apple isn’t the only one looking for bugs on the iPhone, however.
Security firm Zerodium says that someone has claimed a $1 million reward for finding a major exploit in iOS 9, the latest iPhone OS. Lorenzo Franceschi-Bicchierai over at Vice was the first to pick up on the story, and the connections to the US government’s spy organs that lie at the heart of it.
Zerodium sells secrets to the NSA
Zerodium isn’t Apple, and the firm pays a much higher price for iPhone bounties than the Cupertino concern does. It does so, simply, because it has access to a customer base that will pay even more for access to high-level secrets about the OS of the world’s most popular premium smartphone.
Specifically, the team, which was not identified by Zerodium, found a way to jailbreak iOS 9 remotely. That hasn’t been accomplished with iOS, in a public way at least, since iOS 7.
Franceschi-Bicchierai says that the firm’s business model is simple, and it’s not the only firm that involves itself in these sorts of dealings. Firms of this type, “offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such as the NSA.”
That’s a scary thought for any of those that rely on their iPhone for security, and the fact that a business specifically dealing in iPhone hacks exists is worrying in and of itself.
Apple refuses back doors
The Apple stance on security has always been a little confusing. The firm seeks to have more control over info and software than any other major tech concern, but at the same time it claims that it does its best to protect the user.
The firm’s reputation for keeping user data safe could be a meaningful part of its sales strategy in the years ahead. Rumors have been around for quite a while, however, that each and every iPhone has a back door that allows state organs to interfere and retrieve data.
On October 12, in a public capacity, the White House said that it would not force Apple to open such a back door to law enforcement. The FBI was notably looking for such a tool so that it could gain access to the smart phones without needing to go through Apple, or users.
It appears that there’s already more than one way for state organs to get inside an iPhone. Nick Weaver, who works at Berkeley’s Computer Science unit, says, “There are three or four ways into the typical iPhone. It takes someone really paranoid to have closed all of them.”
The latest hack, which will likely be sold to the NSA if they find it useful, won’t be the only way to get inside the iPhone. As law enforcement worries more and more about what’s going on inside people’s pockets, and firms like Zerodium offer higher rewards than Apple, there’s likely to be more.