All iPhones hackable? Hackers harvest $1mln iOS9 bounty from NSA-linked ‘bug broker’

© Stephane de Sakutin
Bad news for Apple users. A firm which describes itself as "a premium exploit acquisition platform" has just paid $1 million to undisclosed hackers to remotely jailbreaking the latest iPhone operating system – which potentially opens way for spy agencies abusing it too.

The French cybersecurity company Zerodium’s modus operandi is largely the collection of so-called zero-day vulnerabilities – holes in software unknown to the vendor which can be exploited by hackers without fear that they would be patched up.

The announcement was made Monday by the chief of the bounty startup, Chaouki Bekrar.

Zerodium is shy about revealing the specifics to consumers – unlike an ordinary security company, which seeks to inform the device’s manufacturer straight away. The bounty was placed in late September, with a multi-million dollar prize stashed for the winner.

“The Million Dollar iOS 9 Bug Bounty,” the offer read, “is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by Zerodium to pay out a total of three million U.S. dollars in rewards for iOS exploits/jailbreaks.”

So, the only thing we know now is that hackers have managed to jailbreak iOS 9 devices, which theoretically gives them the ability to intercept your info and install malicious apps – and we don’t know how to stop it.

READ MORE: Apple security flaw could be a backdoor for the NSA

Not much is known about the technical specifics of the hack itself, however.

The challenge posted by Zerodium required the crack to work on an iPhone and iPad, and be executable from multiple browsers, as well as text and multimedia messaging. So, the winners had to find a whole chain of bugs.

“Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak,” Bekrar told Motherboard over Twitter. He even wanted to extend the challenge, when, as late as October, no one had claimed the prize.

“The winning team has submitted the exploits just a few hours before the expiration of the Zerodium bounty,“ he added later in an email.

The result Zerodium got from an unnamed hacker group is impressive. The phone is jail-broken remotely, then it’s up to the client’s imagination what they wish to do.

Scarily, this is not an isolated case; Chinese hacker group Pangu already hacked the new iPhone. Their only problem being they couldn’t execute the hack remotely.

But worse, Zerodium’s predecessor VUPEN (which followed a similar model to the current incarnation, and was also founded by Bekrar) was found in September to be in cahoots with the National Security Agency, the agency famous the world over for secret and illegal blanket surveillance, according to documents obtained by Muckrock through the Freedom of Information Act.

READ MORE: NSA contracted French cyber-firm for hacking help

But should we be surprised? Spy agencies make no attempt to hide the fact they are looking to hack our phones. The FBI famously complained for months that Apple’s security wasn’t flimsy enough for it.

Apple did not respond with a comment, but one former NSA employee told Motherboard earlier that $1 million is a great price for its troubles. Because “if you sell it to the right people,” you can get much more.

At present, according to Bekrar, Zerodium is still testing the hack to see if the entire “bug chain” holds up. Despite the secretive nature of the hack, Bekrar says Apple will probably come up with a patch anyway, “in a few weeks to a few months.”