The gist of Apple’s bounty programme is that they want to compensate people for their work, not pay them the black-market value of the exploits. Because usable exploits are becoming increasingly harder to find, only experienced hackers or programmers can find them, people who could easily use their talents elsewhere. The bounty programme is Apple’s acknowledgement that hackers have to spend real time to find these, hence why the rewards scale according to technical difficulty, as an encouragement to look for them.

If I find an exploit matching these criteria, why would I report it to Apple if I can make so much more selling it to these people?

What's the incentive?
One reason I can think of is that if Apple gets into a bidding war, this might drive the price up and draw even more hackers to try and find bugs with iOS. Which would in turn expose even more flaws with the operating system, opening it up to even more vectors of attacks.

Second is worth. Just because some company out there is willing to pay 1.5 million for an iOS exploit doesn't necessarily mean that Apple thinks said exploit is worth that much to them.

Then we will have the San Bernardino type of court battle all over again.
 
This should be 100% illegal. It is obtaining private information without the user's permission and then brokering that information to persons unknown.

When the government wants our information they have to have a valid legal reason. This circumvents that. So how can it be legal?

It is a really messed up world we find ourselves in, my friends.

That is incorrect. Governments do appear to be among their client list, according to zerodium's site. The government agency would need a warrant for it to be legal. If they requested such a thing without a warrant, it would be an illegal request. You seem to be very confused about this.

This company needs to be broken up by the government, the owners sent to jail.

If you look at the link, governments are among their clients. Seeing as it's not illegal to discover security exploits, they can't do anything about it. There are certain boundaries. If you hack into a random person's phone, you can be arrested. Security researchers typically use equipment owned by them or their firm or institution. Some of them work in academia.
 
You know, if Apple played their cards right, they could contract someone to work on their behalf and get $1.5Million of Zerodium's money and directly benefit Apple. In fact, a truly conniving company could create a hidden 'vulnerability', sell it to Zerodium, fix the code right away and sink the potentially sabotaging company.
Companies already do this. It's smart in the long run.
 
You know, if Apple played their cards right, they could contract someone to work on their behalf and get $1.5Million of Zerodium's money and directly benefit Apple. In fact, a truly conniving company could create a hidden 'vulnerability', sell it to Zerodium, fix the code right away and sink the potentially sabotaging company.

This reminds me of those science fiction stories where something always goes wrong, despite the actors' best intentions. Like the scientist wants to research a cure for cancer but ends up unleashing a virus which wipes out the majority of mankind.

What if there are some iOS devices out there which end up never receiving said update for some reason or another? Or maybe the patch doesn't work as intended? You are talking about knowingly and willfully introducing a vulnerability into your own operating system.

It sounds good on paper but I am really not for introducing more variables into what is already a very problematic issue.
 
It's pretty obvious that your mental capacity can't stretch beyond a single sentence, if you want to get personal.

There are loads of extremely dangerous exploits that could occur, even offline, if a pilot's iPad was hijacked. Theoretically, they could develop a baseband firmware which jammed the on-board GPS and other communications and, since these are the backup maps, they could have the plane fly in the wrong direction to engineer a low-fuel situation either in a compromised location (taking the aircraft, crew and passengers hostage) or just in the middle of the ocean. Maybe they can transmit a convincing dummy GPS signal. The iPad doesn't even have to stay offline - the hack could potentially invisibly connect to on-board WiFi if available. Maybe they don't even have to - maybe they can just detect flight conditions in other ways and make the iPads overheat and explode. There are players out there who truly go to incredible lengths; never underestimate the lengths people will go to in order to harm others.

It's pretty obvious that you severely underestimate cybersecurity.

A zero-day exploit is fundamentally separate from the concept of "jailbreaking". Jailbreaking is something you do to your own device, with the intention of removing restrictions from the manufacturer. A hack is something that somebody else does to invade your computer, and their intentions can be all over the map. Both may make use of zero-days, but there is a huge distance between them.

I do remember hearing about cases where malware jailbroke people's phones. There are some proof-of-concepts, but I also remember hearing about one in the wild at one point (forget the name).

Here's a POC fake charger which can jailbreak your phone without you knowing: http://www.jailbreakmodo.com/3rd-party-iphone-chargers-can-install-malware-on-your-device.html

Also cases about malware targeting jailbroken phones: http://researchcenter.paloaltonetwo...000-apple-accounts-to-create-free-app-utopia/

This is why I find the idea of zero-day exploits available for anybody with enough cash abhorrent. I'm aware that such places likely exist on the darknet, but we shouldn't allow them to also openly flaunt themselves as a registered corporation. We don't have a way to regulate their use (if there are legitimate ones) by private parties, so we must consider them potentially extremely dangerous.
You're on your own, my friend.
 
If I find an exploit matching these criteria, why would I report it to Apple if I can make so much more selling it to these people?

What's the incentive?

The incentive is a good conscience. Apple always made an appeal to hackers to do the right thing. They are not interested in partaking in the black market even if it means risking that exploits are sold and purchased by evildoers. This is still a powerful motivation for many people, not everyone is interested in just money.
 
The incentive is a good conscience. Apple always made an appeal to hackers to do the right thing. They are not interested in partaking in the black market even if it means risking that exploits are sold and purchased by evildoers. This is still a powerful motivation for many people, not everyone is interested in just money.

Delusional thinking.
 
Why is there a picture on the thread header containing a plane crashing into the WTC? lol I've just read the OP and it's not even remotely related to 9/11.

Here's a picture of a monkey playing tennis :)
 