$1 Million Bounty Given for ‘Jailbreaking’ iOS 9.1 in Apple Phones


11/04/2015



One million dollars has been reportedly paid to an un-named team of researchers for their method to “jailbreak” the latest version of Apple’s mobile operating system, iOS 9.1 says computer exploit merchant Zerodium.
 
The practice of breaking the restrictions placed on iPhones and iPads by Apple, in order to use the devices in ways not intended by the original manufacturer is termed as “jailbreaking”. Installing pirated software, deleting default apps, or using programmes banned from the App Store by the California company are included in the “jailbreaking” process.
 
Tools to jailbreak iPhones are also popular amongst groups that seek to install spyware on mobile devices – such as law enforcement and criminal enterprises as the practice also removes the security protections built into iOS by default.
 
Trading in exploits for software, security weaknesses which allow hackers and other malicious actors to break into devices are the primary areas that Zerodium, which was founded in July 2015, functions in.
 
A vulnerability which the manufacturer doesn’t know about and hasn’t had time to fix, called a 0-day bug, is often worth considerably more to people with a professional desire to hack into computers. Apart from this security researchers often inform device manufacturers when they have discovered a vulnerability, sometimes in exchange for a bug bounty, a payment from the manufacturer for their work.
 
 
Chaouki Bekrar, the founder of Zerodium had previously acted as a middleman in such trades with his company VUPEN. Zerodium is a higher-profile entry into the same business. The launch of the company has happened with a bang when it offered a sum of $1m as bounty for anyone who was able to carry out a remote, browser-based, “untethered” jailbreak on iOS 9.1, the latest version of iOS.
 
Versions of the hack, which require the phone to be plugged in to a computer, or which are undone when the phone is restarted, did not qualify the requirements for claiming the bug bounty of $1 million. Instead, the jailbreak can be applied simply by navigating to a webpage.
 
National security agencies, the most likely buyers for the products of Zerodium would evidently be pleased by the new of the jail break. Another group who would be pleased by the news would be those users who want to update their phone to the latest version of Apple’s operating system without losing the ability to install whatever they want.
 
A chain of severe vulnerabilities in the operating system, each of which feeds into the next until ultimately, the remotely deployed code has made changes to the deepest levels of the phone’s programming is the actual process that “jailbreakers” employ in practice.
 
The “jailbreak” reveals inherent vulnerabilities that indicate that it is easy to willingly jailbreak the phone. A successful “jailbreak” also shows that any determined and adequately talented attacker would be able to break down the protection system in the phone as well as install further software on it to monitor the user.
 
The jailbreak affects the beta version of iOS 9.2, expected to be released shortly, says Zerodium. But it seems unlikely to stick around for long after that, and Apple will already be working around the clock to identify and fix the holes.
(Source:www.theguardian.com)