Cybersecurity firm offers $1.5 million for iPhone exploits

It will sell them to the government and to corporations.
Mariella Moon, @mariella_moon
September 30, 2016

A previously undisclosed (aka zero-day) exploit can fetch enough money to buy its finder a house. Zerodium, a firm that buys security exploits, has announced that it's paying $1.5 million for one that can be used to take over iPhones and iPads. That's thrice what the company used to offer, though it did up the bounty to $1 million last year for a limited time. While that very much smelled like a PR stunt, Zerodium did end up having to pay one group the full amount. Unlike that time, this price bump is permanent. Anyone who's OK with the fact that Zerodium will sell their find to the government and to various corporations can cash in anytime.

Apple launched its own bounty program back in August, promising to reward researchers with up to $200,000 in cash. That's far from the $1.5 million Zerodium offers, but as Ars Technica notes, the firm has more demands than a corporation-run program. It will only pay that much for an exploit that's guaranteed to give attackers complete control over the device they're targeting. The programs are also after different types of vulnerabilities.

As for why Zerodium decided to triple its bounty, company founder Chaouki Bekrar told Ars that it's merely a response to how secure the latest versions of mobile platforms like iOS and Android are. And the reward for iOS exploits is a whole lot more than the $200,000 it's offering for Android hacks either because it's harder to crack iOS 10 than Android 7 or because the demand is higher. "The reality is a mix of both," he said.

As you can imagine, companies like Zerodium are highly controversial. When it announced its million-dollar reward last year, Lance Cottrell, chief scientist of security firm Ntrepid, told us that whatever it snaps up is "almost certainly going to be used against people's best interests." The government could use it to monitor people other than terrorists and criminals. Companies could use it to keep an eye on their competitors. Bekrar argued, however, that the government and law enforcement agencies such as the FBI need these exploits for the sake of national security.
