zerodium
Latest
Cybersecurity firm offers $1.5 million for iPhone exploits
A previously undisclosed (aka zero-day) exploit can fetch enough money to buy its finder a house. Zerodium, a firm that buys security exploits, has announced that it's paying $1.5 million for one that can be used to take over iPhones and iPads. That's thrice what the company used to offer, though it did up the bounty to $1 million last year for a limited time. While that very much smelled like PR stunt, Zerodium did end up having to pay one group the full amount. Unlike that time, this price bump is permanent. Anyone who's OK with the fact that Zerodium will sell their find to the government and to various corporations can cash in anytime.
FBI paid over $1.3 million to unlock San Bernardino iPhone
Today, FBI director James Comey noted that the cost to the bureau to unlock the iPhone used by San Bernardino shooter Syed Farook was more than what he would make in the seven years and four months before his retirement. Reuters busted out its calculators and determined that he would make $1.3 million in his time left as head of the government agency. So, you know, more than that.
The $1 million iOS bug bounty is bad for security research
The public perception of the black-hat hacker is of a lone person sitting in a dark room creating malware and unleashing it on the world and reaping the profits of their exploit. The reality is a bit more complicated and far more financially lucrative. Nothing shines a light on this more than the Zerodium publicity stunt of offering $1 million for iOS 9 zero-day exploits. Founder Chaouki Bekrar has a history of selling exploits to the highest bidder instead of disclosing the issue to the maker of the compromised product. It flies in the face of responsible disclosure of exploits by security researchers and means that anyone with enough cash will have the ammunition to ruin the digital life of anyone with an iPhone.
